CVE-2018-5764

Published: 17 January 2018

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
rsync
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (3.1.1-3ubuntu1.2)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (3.1.0-2ubuntu0.4)