Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2017-17433

Published: August 31, 2023Last modified: August 31, 2023

Description

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.

Severity score breakdown

ParameterValue
Base score3.7
Attack VectorNETWORK
Attack complexityHIGH
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactLOW
Availability impactNONE
VectorCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSrsyncNot affected (3.2.7-r0)
StreamrsyncNot affected (3.2.7-r4)

References

ON THIS PAGE