Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201702-05
HistoryFeb 10, 2017 - 12:00 a.m.

Lsyncd: Remote execution of arbitrary code

2017-02-1000:00:00
Gentoo Foundation
security.gentoo.org
20

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.2%

JSON

Background

A daemon to synchronize local directories using rsync.

Description

default-rsyncssh.lua in Lsyncd performed insufficient sanitising of filenames.

Impact

An attacker, able to control files processed by Lsyncd, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Lsyncd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-admin/lsyncd-2.1.6"
OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-admin/lsyncd< 2.1.6UNKNOWN

Related

nessus 5
debian 1
prion 1
openvas 5
fedora 3
ubuntucve 1
nvd 1
debiancve 1
cvelist 1
cve 1
osv 1
nessus
nessus
GLSA-201702-05 : Lsyncd: Remote execution of arbitrary code
2017-02-13 00:00:00
Fedora 20 : lsyncd-2.1.4-4.fc20.1 (2014-15393)
2014-12-03 00:00:00
Debian DSA-3130-1 : lsyncd - security update
2015-01-19 00:00:00
debian
debian
[SECURITY] [DSA 3130-1] lsyncd security update
2015-01-16 22:05:06
prion
prion
Code injection
2014-12-05 16:59:00
openvas
openvas
Fedora Update for lsyncd FEDORA-2014-15338
2015-01-05 00:00:00
Fedora Update for lsyncd FEDORA-2014-15373
2014-12-03 00:00:00
Fedora Update for lsyncd FEDORA-2014-15393
2014-12-03 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: lsyncd-2.1.5-6.fc21
2014-12-06 10:10:03
[SECURITY] Fedora 20 Update: lsyncd-2.1.4-4.fc20.1
2014-12-03 01:00:59
[SECURITY] Fedora 19 Update: lsyncd-2.1.4-4.fc19.1
2014-12-03 01:04:35
ubuntucve
ubuntucve
CVE-2014-8990
2014-12-05 00:00:00
nvd
nvd
CVE-2014-8990
2014-12-05 16:59:11
debiancve
debiancve
CVE-2014-8990
2014-12-05 16:59:11
cvelist
cvelist
CVE-2014-8990
2014-12-05 16:00:00
cve
cve
CVE-2014-8990
2014-12-05 16:59:11
osv
osv
lsyncd - security update
2015-01-16 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.2%

JSON
Related for GLSA-201702-05
nessus5debian1prion1openvas5fedora3ubuntucve1nvd1debiancve1cvelist1cve1osv1