CVE-2017-17433

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:samba:rsync:3.1.2:*:*:*:*:*:*:*

History

07 Nov 2023, 02:41

Type Values Removed Values Added
References
  • {'url': 'https://git.samba.org/?p=rsync.git;a=commit;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51', 'name': 'https://git.samba.org/?p=rsync.git;a=commit;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51', 'tags': ['Patch'], 'refsource': 'MISC'}
  • () https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 -

Information

Published : 2017-12-06 03:29

Updated : 2024-02-28 16:04


NVD link : CVE-2017-17433

Mitre link : CVE-2017-17433

CVE.ORG link : CVE-2017-17433


JSON object : View

Products Affected

debian

  • debian_linux

samba

  • rsync
CWE
CWE-862

Missing Authorization