PT-2017-14348 · Rsync Developers+1 · Rsync+1

Published

2017-10-29

Updated

2019-10-03

CVE-2017-15994

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions rsync versions prior to 2017-10-24

Description The issue makes it easier for remote attackers to bypass intended access restrictions by mishandling archaic checksums. This problem is not limited to the rsync developers, as the code has been used in various GitHub projects.

Recommendations For versions prior to 2017-10-24, update to a version that includes the fix for the checksum handling issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-354

Related Identifiers

ALT-PU-2018-1219

CVE-2017-15994

Affected Products

Alt Linux

Rsync

PT-2017-14348 · Rsync Developers+1 · Rsync+1

CVE-2017-15994

Weakness Enumeration

Related Identifiers

Affected Products

References · 16