PT-2017-14348 · Rsync Developers+1 · Rsync+1

Publicado

2017-10-29

·

Atualizado

2019-10-03

·

CVE-2017-15994

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions rsync versions prior to 2017-10-24
Description The issue makes it easier for remote attackers to bypass intended access restrictions by mishandling archaic checksums. This problem is not limited to the rsync developers, as the code has been used in various GitHub projects.
Recommendations For versions prior to 2017-10-24, update to a version that includes the fix for the checksum handling issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-354

Identificadores relacionados

ALT-PU-2018-1219
CVE-2017-15994

Produtos afetados

Alt Linux
Rsync