CLSA-2026-1776769741 rsync: Fix of 3 CVEs

CVE-2017-16548: fix heap overread in receivexattr by enforcing trailing NUL on received xattr names - CVE-2017-17434: sanitize xname in readndxandattrs and check daemon filter against fnamecmp in recvfiles - CVE-2018-5764: prevent client from resetting protectargs during the second parsearguments...

CVE-2018-5764, CVE-2017-16548 and CVE-2017-1734. Vulnerabilities in rsynd

Security Advisory ID : BSA-2022-2074 Component : rsyncd Revision : 1.0 CVE-2018-5764: The parsearguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. Base...

The vulnerability of the `parse_arguments` function in the rsyncd server’s Rsync utility allows users to compromise data integrity.

The vulnerability of the parsearguments function in the rsyncd utility’s options.c file of the rsync server is related to the possibility of using multiple protect-args parameters. This allows attackers to circumvent existing security mechanisms. Exploiting this vulnerability could enable a remot...

PT-2018-1905 · Rsync +3 · Rsync +3

Name of the Vulnerable Software and Affected Versions: rsync versions prior to 3.1.3 Description: The issue is related to the parse arguments function in options.c in rsyncd, which does not prevent multiple uses of the --protect-args parameter. This allows remote attackers to bypass an...