rsync: sanitization bypass in parse_argument in options.c (CVE-2018-5764)
A flaw was found in rsync verions before 3.1.3. The parse_argument
function in options.c in rsyncd component does not prevent multiple
—protect-args uses.
Thus letting the user to specify the arg in the protected-arg list and
shortcut some of the arg-sanitizing code. This vulnerability allows
remote attackers to
bypass the argument-sanitization protection mechanism, which may lead to
a privilege escalation vulnerability.
Fixed In Version:
rsync 3.1.3
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-5764
https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS
Patch:
https://git.samba.org/rsync.git/?p=rsync.git;a=patch;h=7706303828fcde524222babb2833864a4bd09e07
(from redmine: issue id 8675, created on 2018-03-19, closed on 2018-03-20)
- Relations:
- copied_to #8676 (closed)
- copied_to #8677 (closed)
- copied_to #8678 (closed)
- copied_to #8679 (closed)
- child #8676 (closed)
- child #8677 (closed)
- child #8678 (closed)
- child #8679 (closed)