CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 2CVE-2022-29154 – rsync: remote arbitrary files write inside the directories of connecting peers
https://notcve.org/view.php?id=CVE-2022-29154
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). Se ha detectado un problema en rsync versiones anteriores a 3.2.5, que permite a servidores remotos maliciosos escribir archivos arbitrarios dentro de los directorios de los pares conectados. • https://github.com/EgeBalci/CVE-2022-29154 http://www.openwall.com/lists/oss-security/2022/08/02/1 https://github.com/WayneD/rsync/tags https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2 https://access.redhat.com/security/cve/CVE-2022-29154 https://bugzilla.redhat.com/show_bug.cgi?id=2110928 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0CVE-2020-14387
https://notcve.org/view.php?id=CVE-2020-14387
A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4. • https://bugzilla.redhat.com/show_bug.cgi?id=1875549 • CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-5764
https://notcve.org/view.php?id=CVE-2018-5764
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. La función parse_arguments en options.c en rsync, en versiones anteriores a la 3.1.3, no evita los usos múltiples de --protect-args, lo que permite que atacantes remotos omitan un mecanismo de protección de saneamiento de argumentos. • http://www.securityfocus.com/bid/102803 http://www.securitytracker.com/id/1040276 https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3Bh=7706303828fcde524222babb2833864a4bd09e07 https://lists.debian.org/debian-lts-announce/2018/01/msg00021.html https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html https://lists.debian.org/debian-lts-announce/2021/11/msg00028.html https://security.gentoo.org/glsa/ •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-17433
https://notcve.org/view.php?id=CVE-2017-17433
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. La función recv_files en receiver.c en el demonio en rsync 3.1.2 y 3.1.3-development en versiones anteriores a la 2017-11-03 continúa ciertas actualizaciones de metadatos de archivos antes de buscar un nombre de archivo en la estructura de datos daemon_filter_list. Esto permite que atacantes remotos omitan las restricciones de acceso planeadas. • http://security.cucumberlinux.com/security/details.php?id=169 https://bugzilla.redhat.com/show_bug.cgi?id=1522874#c4 https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html https://www.debian.org/security/2017/dsa-4068 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2017-17434
https://notcve.org/view.php?id=CVE-2017-17434
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions. El demonio en rsync 3.1.2 y 3.1.3-development en versiones anteriores a la 2017-11-03 no busca nombres de archivo fnamecmp en la estructura de datos daemon_filter_list (en la función recv_files en receiver.c) y tampoco aplica el mecanismo de protección sanitize_paths a los nombres de ruta hallados en cadenas "xname follows" (en la función read_ndx_and_attrs en rsync.c). Esto permite que atacantes remotos omitan las restricciones de acceso planeadas. • http://security.cucumberlinux.com/security/details.php?id=170 https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=5509597decdbd7b91994210f700329d8a35e70a1 https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=70aeb5fddd1b2f8e143276f8d5a085db16c593b9 https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html https://www.debian.org/security/2017/dsa-4068 •