81 matches found
UBUNTU-CVE-2024-12084
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths s2length in the code. When MAXDIGESTLEN exceeds the fixed SUMLENGTH 16 bytes, an attacker can write out of bounds in the sum2 buffer...
PT-2024-10125
The rsync daemon is affected by a flaw that can be triggered when comparing file checksums, allowing an attacker to manipulate the checksum length and cause a comparison between a checksum and uninitialized memory. This results in the leak of one byte of uninitialized stack data at a time. An...
Amazon Linux 2023 : rsync, rsync-daemon (ALAS2023-2023-002)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-002 advisory. An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large numbe...
K15604: Multiple rsync vulnerabilities
Security Advisory Description Following are descriptions of various rsync vulnerabilities: CVE-2006-2083 Integer overflow in the receivexattr function in the extended attributes patch xattr.c for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes th...
SUSE CVE-2018-5764
The parsearguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism...
CVE-2022-3596
An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials. Mitigation Th...
AlmaLinux 9 : rsync (ALSA-2022:4592)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:4592 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. T...
CVE-2018-5764, CVE-2017-16548 and CVE-2017-1734. Vulnerabilities in rsynd
Security Advisory ID : BSA-2022-2074 Component : rsyncd Revision : 1.0 CVE-2018-5764: The parsearguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. Base...
The vulnerability of the recv_files and read_ndx_and attrs functions in the rsync daemon allows a hacker to circumvent existing access restrictions and compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of rsync exists due to the lack of checks on the filenames fnamecmp in the daemonfilterlist data structure in the recvfiles function in receiver.c, and the absence of a sanitizepaths mechanism for paths found in the “xname follows” strings in the readndxand attrs function in...
The vulnerability of the `parse_arguments` function in the rsyncd server’s Rsync utility allows users to compromise data integrity.
The vulnerability of the parsearguments function in the rsyncd utility’s options.c file of the rsync server is related to the possibility of using multiple protect-args parameters. This allows attackers to circumvent existing security mechanisms. Exploiting this vulnerability could enable a remot...
rsync 'parse_arguments' function protection mechanism bypass vulnerability
rsync is a suite of data mirroring backup applications for Unix-like systems developed by Australian software developers Andrew Tridgell and Paul Mackerras, which synchronizes the updating of files and directories between two computers and reduces data transfers by using differential encoding...
ALPINE-CVE-2018-5764
The parsearguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism...
UBUNTU-CVE-2018-5764
The parsearguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism...
CVE-2017-17434
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...
Design/Logic Flaw
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...
CVE-2017-17433
The recvfiles function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemonfilterlist data structure, which allows remote attackers to bypass intended access restrictions...
Design/Logic Flaw
The recvfiles function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemonfilterlist data structure, which allows remote attackers to bypass intended access restrictions...
CVE-2017-17434
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...
DEBIAN-CVE-2017-17434
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...
ALPINE-CVE-2017-17434
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...