Andrew Tridgell

**Name of the Vulnerable Software and Affected Versions** rsync versions prior to 3.4.3 **Description** A symlink race condition exists in path-based system calls, including `chmod()`, `lchown()`, `utimes()`, `rename()`, `unlink()`, `mkdir()`, `symlink()`, `mknod()`, `link()`, `rmdir()`, and `lstat()`. Local attackers with filesystem access can exploit the timing window between path resolution and system call execution by swapping symlinks. This allows the redirection of operations to files outside the exported rsync module, enabling the application of sender-supplied permissions, ownership, timestamps, or filenames to arbitrary files. This issue affects rsync daemons configured with `use chroot = no`. **Recommendations** Update to version 3.4.3 or later. Configure rsync daemons to use `use chroot = yes` to prevent access outside the module boundary.

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: The issue is related to a buffer overflow in the SMB capability, which can be exploited by remote attackers. This can lead to a denial of service and potentially allow the execution of arbitrary code. The attack is carried out via an SMB packet that specifies a smaller buffer length than is required. Recommendations: For Microsoft Windows XP, 2000, and NT, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.