Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.1.2.2018.1244 |
Categoría: | Huawei EulerOS Local Security Checks |
Título: | Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2018-1244) |
Resumen: | The remote host is missing an update for the Huawei EulerOS 'rsync' package(s) announced via the EulerOS-SA-2018-1244 advisory. |
Descripción: | Summary: The remote host is missing an update for the Huawei EulerOS 'rsync' package(s) announced via the EulerOS-SA-2018-1244 advisory. Vulnerability Insight: The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.(CVE-2017-17433) The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in 'xname follows' strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.(CVE-2017-17434) The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.(CVE-2018-5764) Affected Software/OS: 'rsync' package(s) on Huawei EulerOS Virtualization 2.5.0. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-5764 BugTraq ID: 102803 http://www.securityfocus.com/bid/102803 https://security.gentoo.org/glsa/201805-04 https://lists.debian.org/debian-lts-announce/2018/01/msg00021.html https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html http://www.securitytracker.com/id/1040276 https://usn.ubuntu.com/3543-1/ |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |