CVE-2017-17434

Current Description

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.

Basic Data

PublishedDecember 06, 2017
Last ModifiedOctober 03, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-noinfo
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

CVSS 3 - Version3.0
CVSS 3 - Vector StringCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 3 - Attack VectorNETWORK
CVSS 3 - Attack ComplexityLOW
CVSS 3 - Privileges RequiredNONE
CVSS 3 - User InteractionNONE
CVSS 3 - ScopeUNCHANGED
CVSS 3 - Confidentiality ImpactHIGH
CVSS 3 - Integrity ImpactHIGH
CVSS 3 - Availability ImpactHIGH
CVSS 3 - Base Score9.8
CVSS 3 - Base SeverityCRITICAL
Exploitability Score3.9
Base SeverityCRITICAL

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationSambaRsync********3.1.2
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSDebianDebian Linux8.0*******
    2.3OSDebianDebian Linux9.0*******

Vulnerable Software List

VendorProductVersions
Debian Debian Linux 8.0, 9.0
Samba Rsync *

References

NameSourceURLTags
http://security.cucumberlinux.com/security/details.php?id=170http://security.cucumberlinux.com/security/details.php?id=170CONFIRMThird Party Advisory
https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1MISCPatch
https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9MISCPatch
[debian-lts-announce] 20171222 [SECURITY] [DLA 1218-1] rsync security updatehttps://lists.debian.org/debian-lts-announce/2017/12/msg00020.htmlMLIST
DSA-4068https://www.debian.org/security/2017/dsa-4068DEBIANThird Party Advisory