CVE-2017-17434

Related Files

Gentoo Linux Security Advisory 201801-16

Posted Jan 17, 2018

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201801-16 - Multiple vulnerabilities have been found in rsync, the worst of which could allow remote attackers to bypass access restrictions. Versions less than 3.1.2-r2 are affected.

tags | advisory, remote, vulnerability

systems | linux, gentoo

advisories | CVE-2017-16548, CVE-2017-17433, CVE-2017-17434

SHA-256 | 831d1d38637b56df23136f76f6a2bfc1533753d716c4268ea9413e0b6e062222

Download | Favorite | View

Ubuntu Security Notice USN-3506-2

Posted Dec 7, 2017

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3506-2 - USN-3506-1 fixed two vulnerabilities in rsync. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that rsync proceeds with certain file metadata updates before checking for a filename. An attacker could use this to bypass access restrictions. Various other issues were also addressed.

tags | advisory, vulnerability

systems | linux, ubuntu

advisories | CVE-2017-17433, CVE-2017-17434

SHA-256 | fadf821b7f75a4e2b252ef20c8691b6094a528145976b83c1b2f9e35357a8062

Download | Favorite | View

Ubuntu Security Notice USN-3506-1

Posted Dec 7, 2017

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3506-1 - It was discovered that rsync proceeds with certain file metadata updates before checking for a filename. An attacker could use this to bypass access restrictions. It was discovered that rsync does not check for fnamecmp filenames and also does not apply the sanitize_paths protection mechanism to pathnames. An attacker could use this to bypass access restrictions. Various other issues were also addressed.

tags | advisory

systems | linux, ubuntu

advisories | CVE-2017-17433, CVE-2017-17434

SHA-256 | 8f97470368f1ee947f4293ade4fb9b4051d27097ac26ac0d6e612c9ef333dfde

Download | Favorite | View