CVE-2017-8805

Опубликовано: 17 окт. 2017

Источник: ubuntu

Приоритет: medium

CVSS2: 6.4

CVSS3: 9.1

Описание

Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	20171018
cosmic	not-affected	20171018
devel	not-affected	20171018
esm-apps/bionic	not-affected	20171018
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	20171017

Показывать по

Ссылки на источники

6.4 Medium

CVSS2

9.1 Critical

CVSS3

Связанные уязвимости

CVE-2017-8805

CVSS3: 9.1

nvd

больше 8 лет назад

Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror.

CVE-2017-8805

CVSS3: 9.1

debian

больше 8 лет назад

Debian ftpsync before 20171017 does not use the rsync --safe-links opt ...

GHSA-f9qc-p869-hxxw

CVSS3: 9.1

github

больше 3 лет назад

Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror.

6.4 Medium

CVSS2

9.1 Critical

CVSS3

CVE-2017-8805

Описание

Пакет archvsync

Ссылки на источники

Связанные уязвимости