CVE-2017-17434

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-17434
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-17434.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-17434
Related
Published
2017-12-06T03:29:00Z
Modified
2024-12-07T00:50:52.813425Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure (in the recvfiles function in receiver.c) and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings (in the readndxand_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.

References

Affected packages

Alpine:v3.12 / rsync

Package

Name
rsync
Purl
pkg:apk/alpine/rsync?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.2-r7

Affected versions

3.*

3.0.5-r0
3.0.6-r0
3.0.6-r1
3.0.7-r0
3.0.7-r1
3.0.8-r0
3.0.9-r0
3.0.9-r1
3.1.0-r0
3.1.1-r0
3.1.1-r1
3.1.1-r2
3.1.2-r2
3.1.2-r3
3.1.2-r4
3.1.2-r5
3.1.2-r6

Alpine:v3.13 / rsync

Package

Name
rsync
Purl
pkg:apk/alpine/rsync?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.2-r7

Affected versions

3.*

3.0.5-r0
3.0.6-r0
3.0.6-r1
3.0.7-r0
3.0.7-r1
3.0.8-r0
3.0.9-r0
3.0.9-r1
3.1.0-r0
3.1.1-r0
3.1.1-r1
3.1.1-r2
3.1.2-r2
3.1.2-r3
3.1.2-r4
3.1.2-r5
3.1.2-r6

Alpine:v3.14 / rsync

Package

Name
rsync
Purl
pkg:apk/alpine/rsync?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.2-r7

Affected versions

3.*

3.0.5-r0
3.0.6-r0
3.0.6-r1
3.0.7-r0
3.0.7-r1
3.0.8-r0
3.0.9-r0
3.0.9-r1
3.1.0-r0
3.1.1-r0
3.1.1-r1
3.1.1-r2
3.1.2-r2
3.1.2-r3
3.1.2-r4
3.1.2-r5
3.1.2-r6

Alpine:v3.15 / rsync

Package

Name
rsync
Purl
pkg:apk/alpine/rsync?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.2-r7

Affected versions

3.*

3.0.5-r0
3.0.6-r0
3.0.6-r1
3.0.7-r0
3.0.7-r1
3.0.8-r0
3.0.9-r0
3.0.9-r1
3.1.0-r0
3.1.1-r0
3.1.1-r1
3.1.1-r2
3.1.2-r2
3.1.2-r3
3.1.2-r4
3.1.2-r5
3.1.2-r6

Alpine:v3.16 / rsync

Package

Name
rsync
Purl
pkg:apk/alpine/rsync?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.2-r7

Affected versions

3.*

3.0.5-r0
3.0.6-r0
3.0.6-r1
3.0.7-r0
3.0.7-r1
3.0.8-r0
3.0.9-r0
3.0.9-r1
3.1.0-r0
3.1.1-r0
3.1.1-r1
3.1.1-r2
3.1.2-r2
3.1.2-r3
3.1.2-r4
3.1.2-r5
3.1.2-r6

Alpine:v3.17 / rsync

Package

Name
rsync
Purl
pkg:apk/alpine/rsync?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.2-r7

Affected versions

3.*

3.0.5-r0
3.0.6-r0
3.0.6-r1
3.0.7-r0
3.0.7-r1
3.0.8-r0
3.0.9-r0
3.0.9-r1
3.1.0-r0
3.1.1-r0
3.1.1-r1
3.1.1-r2
3.1.2-r2
3.1.2-r3
3.1.2-r4
3.1.2-r5
3.1.2-r6

Alpine:v3.18 / rsync

Package

Name
rsync
Purl
pkg:apk/alpine/rsync?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.2-r7

Affected versions

3.*

3.0.5-r0
3.0.6-r0
3.0.6-r1
3.0.7-r0
3.0.7-r1
3.0.8-r0
3.0.9-r0
3.0.9-r1
3.1.0-r0
3.1.1-r0
3.1.1-r1
3.1.1-r2
3.1.2-r2
3.1.2-r3
3.1.2-r4
3.1.2-r5
3.1.2-r6

Alpine:v3.19 / rsync

Package

Name
rsync
Purl
pkg:apk/alpine/rsync?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.2-r7

Affected versions

3.*

3.0.5-r0
3.0.6-r0
3.0.6-r1
3.0.7-r0
3.0.7-r1
3.0.8-r0
3.0.9-r0
3.0.9-r1
3.1.0-r0
3.1.1-r0
3.1.1-r1
3.1.1-r2
3.1.2-r2
3.1.2-r3
3.1.2-r4
3.1.2-r5
3.1.2-r6

Alpine:v3.20 / rsync

Package

Name
rsync
Purl
pkg:apk/alpine/rsync?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.2-r7

Affected versions

3.*

3.0.5-r0
3.0.6-r0
3.0.6-r1
3.0.7-r0
3.0.7-r1
3.0.8-r0
3.0.9-r0
3.0.9-r1
3.1.0-r0
3.1.1-r0
3.1.1-r1
3.1.1-r2
3.1.2-r2
3.1.2-r3
3.1.2-r4
3.1.2-r5
3.1.2-r6

Alpine:v3.21 / rsync

Package

Name
rsync
Purl
pkg:apk/alpine/rsync?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.2-r7

Affected versions

3.*

3.0.5-r0
3.0.6-r0
3.0.6-r1
3.0.7-r0
3.0.7-r1
3.0.8-r0
3.0.9-r0
3.0.9-r1
3.1.0-r0
3.1.1-r0
3.1.1-r1
3.1.1-r2
3.1.2-r2
3.1.2-r3
3.1.2-r4
3.1.2-r5
3.1.2-r6

Alpine:v3.7 / rsync

Package

Name
rsync
Purl
pkg:apk/alpine/rsync?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.2-r7

Affected versions

3.*

3.0.5-r0
3.0.6-r0
3.0.6-r1
3.0.7-r0
3.0.7-r1
3.0.8-r0
3.0.9-r0
3.0.9-r1
3.1.0-r0
3.1.1-r0
3.1.1-r1
3.1.1-r2
3.1.2-r2
3.1.2-r3
3.1.2-r4
3.1.2-r5
3.1.2-r6

Debian:11 / rsync

Package

Name
rsync
Purl
pkg:deb/debian/rsync?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.2-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / rsync

Package

Name
rsync
Purl
pkg:deb/debian/rsync?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.2-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rsync

Package

Name
rsync
Purl
pkg:deb/debian/rsync?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.2-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / git.samba.org/rsync.git

Affected ranges

Type
GIT
Repo
https://git.samba.org/rsync.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
16b49716d55a50f2e985b879b720b2c53c892a3a

Affected versions

Other

mbp_bk_export0

v1.*

v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4

v2.*

v2.0.0
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v2.1.0
v2.1.1
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7pre2
v2.4.7pre4
v2.5.0
v2.5.1
v2.5.1pre1
v2.5.1pre2
v2.5.1pre3
v2.5.2
v2.5.2pre1
v2.5.2pre2
v2.5.2pre3
v2.5.3
v2.5.3pre1
v2.5.4
v2.5.4pre1
v2.5.5
v2.5.5.rc1
v2.5.6
v2.6.0
v2.6.0pre1
v2.6.0pre2
v2.6.1
v2.6.1pre1
v2.6.1pre2
v2.6.2
v2.6.2pre1
v2.6.3
v2.6.3pre1
v2.6.3pre2
v2.6.4
v2.6.4pre1
v2.6.4pre2
v2.6.4pre3
v2.6.4pre4
v2.6.5
v2.6.5pre1
v2.6.5pre2
v2.6.6pre1
v2.6.7
v2.6.7pre1
v2.6.7pre2
v2.6.7pre3
v2.6.8
v2.6.8pre1
v2.6.9
v2.6.9pre1
v2.6.9pre2
v2.6.9pre3

v3.*

v3.0.0
v3.0.0pre1
v3.0.0pre10
v3.0.0pre2
v3.0.0pre3
v3.0.0pre4
v3.0.0pre5
v3.0.0pre6
v3.0.0pre7
v3.0.0pre8
v3.0.0pre9
v3.0.1
v3.0.1pre1
v3.0.1pre2
v3.0.1pre3
v3.0.2
v3.0.3
v3.0.3pre1
v3.0.3pre2
v3.0.3pre3
v3.1.0
v3.1.0pre1
v3.1.1
v3.1.1pre1
v3.1.1pre2
v3.1.2
v3.1.2pre1