#VU10307 Security restrictions bypass in Rsync


Published: 2018-01-25 | Updated: 2018-01-29

Vulnerability identifier: #VU10307

Vulnerability risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5764

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Rsync
Server applications / Other server solutions

Vendor: Samba

Description
The vulnerability allows a remote attacker to bypass security controls on the target system.

The weakness exists in the parse_arguments() function in 'options.c' due to insufficient validation of user-supplied input. A remote attacker can send multiple '--protect-args' values and  bypass the argument-sanitization protection mechanism.

Mitigation
Update to version 3.1.3.

Vulnerable software versions

Rsync: 3.1.0 - 3.1.2

External links
http://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Cloud Pak for Network Automation
Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps
Gentoo update for rsync
Security restrictions bypass in rsync (Alpine package)
Slackware Linux update for rsync
Arch Linux update for rsync
Security restrictions bypass in Samba Rsync
Ubuntu update for rsync
Ubuntu update for rsync