Описание
S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| s3ql | fixed | 2.27.1+dfsg-1 | package | |
| s3ql | ignored | stretch | package | |
| s3ql | ignored | jessie | package |
Примечания
https://groups.google.com/forum/#!topic/s3ql/4TzCVIMkA4o
https://bitbucket.org/nikratio/s3ql/commits/85aba5c2d5c81453a73a50ed638adaeef0521020
EPSS
Связанные уязвимости
S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function.
S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function.
S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function.
EPSS