Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-15994

Опубликовано: 29 окт. 2017
Источник: debian
EPSS Низкий

Описание

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
rsyncnot-affectedpackage

Примечания

  • https://git.samba.org/?p=rsync.git;a=commit;h=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3

  • https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55

  • https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b

  • And possibly the following two commits on top:

  • https://git.samba.org/?p=rsync.git;a=commit;h=bc112b0e7feece62ce98708092306639a8a53cce

  • https://git.samba.org/?p=rsync.git;a=commit;h=416e719bea4f5466c8dd2b34cac0059b6ff84ff3

  • The following commit introduced special handling of archaic versions / handling of

  • --checksum-choice option to choose the checksum algorithms:

  • https://git.samba.org/?p=rsync.git;a=commit;h=a5a7d3a297b836387b0ac677383bdddaf2ac3598

EPSS

Процентиль: 33%
0.00128
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2017-15994

CVSS3: 9.8
ubuntu
больше 8 лет назад

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.

redhat логотип

CVE-2017-15994

CVSS3: 5.4
redhat
больше 8 лет назад

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.

nvd логотип

CVE-2017-15994

CVSS3: 9.8
nvd
больше 8 лет назад

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.

github логотип

GHSA-m83x-3x2c-26q8

CVSS3: 9.8
github
больше 3 лет назад

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.

EPSS

Процентиль: 33%
0.00128
Низкий