05 Déc 2017
CVE-2017-17434 - CVE Vulnerability
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-11-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions. (CVSS:0.0) (Last Update:2017-12-05)
Vulnerability Details : The daemon in rsync 3.1.2, and 3.1.3-development before 2017-11-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions. Publish Date : 2017-12-05 Last Update Date : 2017-12-05 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2017-17434
- References For CVE-2017-17434
| |||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2017-17434There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |