VYPR

rpm package

suse/rsync&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2

pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Vulnerabilities (4)

  • CVE-2018-5764HigJan 17, 2018
    affected < 3.1.0-13.10.1fixed 3.1.0-13.10.1

    The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

  • CVE-2017-17434CriDec 6, 2017
    affected < 3.1.0-13.7.1fixed 3.1.0-13.7.1

    The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xna

  • CVE-2017-17433LowDec 6, 2017
    affected < 3.1.0-13.7.1fixed 3.1.0-13.7.1

    The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended acces

  • CVE-2017-16548CriNov 6, 2017
    affected < 3.1.0-13.7.1fixed 3.1.0-13.7.1

    The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified o