CVE-2017-15994

Published: 29 October 2017

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.

Priority

Low

CVSS 3 base score: 9.8

Status

Package Release Status
rsync
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
Patches:
Upstream: https://git.samba.org/?p=rsync.git;a=commit;h=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3
Upstream: https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b
Upstream: https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55
Upstream: https://git.samba.org/?p=rsync.git;a=commit;h=bc112b0e7feece62ce98708092306639a8a53cce (check)
Upstream: https://git.samba.org/?p=rsync.git;a=commit;h=416e719bea4f5466c8dd2b34cac0059b6ff84ff3 (check)

Notes

AuthorNote
mdeslaur
introduced and fixed during 3.1.3 development period

References