CVE-2017-8805

Опубликовано: 17 окт. 2017

Источник: debian

Описание

Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
archvsync	fixed	20171017		package

Примечания

https://www.openwall.com/lists/oss-security/2017/10/17/2
https://anonscm.debian.org/cgit/mirror/archvsync.git/commit/?id=d1ca2ab2210990b6dfb664cd6776a41b71c48016

Связанные уязвимости

CVE-2017-8805

CVSS3: 9.1

ubuntu

больше 8 лет назад

Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror.

CVE-2017-8805

CVSS3: 9.1

nvd

больше 8 лет назад

Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror.

GHSA-f9qc-p869-hxxw

CVSS3: 9.1

github

больше 3 лет назад

Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror.