Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2018-5764

Published: 17 January 2018

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

Notes

AuthorNote
leosilva
for precise/esm code is slightly different.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
rsync
Launchpad, Ubuntu, Debian
upstream Needs triage

precise
Released (3.0.9-1ubuntu1.3)
trusty
Released (3.1.0-2ubuntu0.4)
xenial
Released (3.1.1-3ubuntu1.2)
artful
Released (3.1.2-2ubuntu0.2)