CVE-2014-8990

Опубликовано: 05 дек. 2014

Источник: debian

Описание

default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.

Пакет	Статус	Версия исправления	Релиз	Тип
lsyncd	fixed	2.1.5-2		package
lsyncd	no-dsa		squeeze	package

https://github.com/axkibe/lsyncd/issues/220
Upstream commit: https://github.com/creshal/lsyncd/commit/18f02ad013b41a72753912155ae2ba72f2a53e52
also required: https://github.com/axkibe/lsyncd/commit/e9ffda07f0145f50f2756f8ee3fb0775b455122b
the initial commit would be an incomplete fix and needs additional changes

CVE-2014-8990

ubuntu

около 11 лет назад

default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.

CVE-2014-8990

nvd

около 11 лет назад

default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.

GHSA-2jg7-cr9w-6gw3

github

больше 3 лет назад

default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.