CVE-2018-5764

Published: 17 January 2018

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
rsync
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (3.1.2-2.1ubuntu1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (3.1.1-3ubuntu1.2)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (3.1.0-2ubuntu0.4)