PT-2017-4089 · Rsync+3

Published: 2017-11-03 · Updated: 2019-10-03 · CVE-2017-17433

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

rsync versions 3.1.2 through 3.1.3-development before 2017-12-03

Description

The issue is in the `recv_files` function in receiver.c in the rsync daemon. The function proceeds with certain file metadata updates before checking for a filename in the `daemon_filter_list` data structure, which allows remote attackers to bypass intended access restrictions. This can potentially impact data integrity.

Recommendations

For rsync versions 3.1.2 through 3.1.3-development before 2017-12-03, consider disabling the `recv_files` function in the daemon until a patch is available to prevent remote attackers from bypassing access restrictions. Restrict access to the `daemon_filter_list` data structure to minimize the risk of exploitation.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1219
BDU:2021-01448
CVE-2017-17433
DLA-1218-1
DSA-4068-1
MGASA-2017-0452
SUSE-SU-2018:0117-1
SUSE-SU-2018:0118-1
USN-3506-1
USN-3506-2

Affected Products

Alt Linux
Suse
Ubuntu
Rsync