{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-12-05T00:00:00", "descriptions": [{"lang": "en", "value": "The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-02T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=70aeb5fddd1b2f8e143276f8d5a085db16c593b9"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://security.cucumberlinux.com/security/details.php?id=170"}, {"name": "DSA-4068", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-4068"}, {"name": "[debian-lts-announce] 20171222 [SECURITY] [DLA 1218-1] rsync security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=5509597decdbd7b91994210f700329d8a35e70a1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17434", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9", "refsource": "MISC", "url": "https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9"}, {"name": "http://security.cucumberlinux.com/security/details.php?id=170", "refsource": "CONFIRM", "url": "http://security.cucumberlinux.com/security/details.php?id=170"}, {"name": "DSA-4068", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4068"}, {"name": "[debian-lts-announce] 20171222 [SECURITY] [DLA 1218-1] rsync security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"}, {"name": "https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1", "refsource": "MISC", "url": "https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:51:31.647Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=70aeb5fddd1b2f8e143276f8d5a085db16c593b9"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://security.cucumberlinux.com/security/details.php?id=170"}, {"name": "DSA-4068", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-4068"}, {"name": "[debian-lts-announce] 20171222 [SECURITY] [DLA 1218-1] rsync security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=5509597decdbd7b91994210f700329d8a35e70a1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17434", "datePublished": "2017-12-06T03:00:00", "dateReserved": "2017-12-05T00:00:00", "dateUpdated": "2024-08-05T20:51:31.647Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*", "matchCriteriaId": "F490A8DC-BDAF-4AD0-95E3-F98D5BDA75B9", "versionEndIncluding": "3.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions."}, {"lang": "es", "value": "El demonio en rsync 3.1.2 y 3.1.3-development en versiones anteriores a la 2017-11-03 no busca nombres de archivo fnamecmp en la estructura de datos daemon_filter_list (en la funci\u00f3n recv_files en receiver.c) y tampoco aplica el mecanismo de protecci\u00f3n sanitize_paths a los nombres de ruta hallados en cadenas \"xname follows\" (en la funci\u00f3n read_ndx_and_attrs en rsync.c). Esto permite que atacantes remotos omitan las restricciones de acceso planeadas."}], "id": "CVE-2017-17434", "lastModified": "2023-11-07T02:41:42.923", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-06T03:29:00.267", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://security.cucumberlinux.com/security/details.php?id=170"}, {"source": "cve@mitre.org", "url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=5509597decdbd7b91994210f700329d8a35e70a1"}, {"source": "cve@mitre.org", "url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=70aeb5fddd1b2f8e143276f8d5a085db16c593b9"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-4068"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "rsync: daemon does not check for fnamecmp filenames allowing for access restriction bypass", "id": "1522875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1522875"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-287", "details": ["The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in \"xname follows\" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions."], "name": "CVE-2017-17434", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "rsync", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "rsync", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "rsync", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2017-12-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-17434\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17434"], "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}