| Errata ID | 397 |
|---|---|
| Date | 2018-05-08 |
| Source package | rsync |
| Fixed in version | 3.1.1-3+deb8u1A~4.2.3.201801251012 |
| Description | This update addresses the following issues: * The receive_xattr function in xattrs.c does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon. (CVE-2017-16548) * The recv_files function in receiver.c proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. (CVE-2017-17433) * rsync does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions. (CVE-2017-17434) |
| Additional notes | |
| CVE ID | CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 |
| UCS Bug number | #46159 |
