Advisory ROSA-SA-2021-1964

2021-07-02 18:04:47
ROSA LAB
abf.rosalinux.ru

CVSS2: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.2
Confidence: Low

EPSS: 0.087
Percentile: 94.5%

Software: rsync 3.1.2
OS: Cobalt 7.9

CVE-ID: CVE-2017-15994
CVE-Crit: CRITICAL
CVE-DESC: rsync 3.1.3-development before 2017-10-24 incorrectly handles outdated checksums, making it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch is widely used, and not only by rsync developers; for example, the code has been copied for use in various GitHub projects.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-17433
CVE-Crit: LOW
CVE-DESC: The recv_files function in receiver.c in the daemon in rsync 3.1.2 and 3.1.3-development until 2017-12-03 continues with certain file metadata updates before checking the file name against the daemon_filter_list data structure, allowing remote attackers to bypass intended access restrictions.
CVE-STATUS: default
CVE-REV: Default

CVE-ID: CVE-2017-17434
CVE-Crit: CRITICAL
CVE-DESC: The daemon in rsync 3.1.2 and 3.1.3-development before 2017-12-03 does not check fnamecmp filenames against the daemon_filter_list data structure (in the recv_files function in receiver.c), nor does it apply the sanitize_paths protection mechanism to path names found in "xname follow" strings (in the read_ndx_and_attrs function in rsync.c), allowing remote attackers to bypass intended access restrictions.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-16548
CVE-Crit: CRITICAL
CVE-DESC: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for the terminating '\0' character in the xattr name, allowing remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-5764
CVE-Crit: HIGH
CVE-DESC: The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple uses of --protect-args, allowing remote attackers to bypass the argument scrubbing protection mechanism.
CVE-STATUS: default
CVE-REV: default

OS      Version  Architecture  Package  Version  Filename
Cobalt  any      noarch        rsync    < 3.1.2  UNKNOWN