#VU10307 Security restrictions bypass in Rsync - CVE-2018-5764


| Updated: 2018-01-29

Vulnerability identifier: #VU10307

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-5764

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Rsync
Server applications / Other server solutions

Vendor: Samba

Description
The vulnerability allows a remote attacker to bypass security controls on the target system.

The weakness exists in the parse_arguments() function in 'options.c' due to insufficient validation of user-supplied input. A remote attacker can send multiple '--protect-args' values and  bypass the argument-sanitization protection mechanism.

Mitigation
Update to version 3.1.3.

Vulnerable software versions

Rsync: 3.1.0 - 3.1.2

External links
https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Amazon Linux AMI update for httpd24
Multiple vulnerabilities in IBM Cloud Pak for Network Automation
Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps
Gentoo update for rsync
Security restrictions bypass in rsync (Alpine package)
Slackware Linux update for rsync
Fedora 26 update for rsync
Arch Linux update for rsync
Security restrictions bypass in Samba Rsync
Fedora 27 update for rsync