Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2018-1244)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.2.2018.1244

Categoría: Huawei EulerOS Local Security Checks

Título: Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2018-1244)

Resumen: The remote host is missing an update for the Huawei EulerOS 'rsync' package(s) announced via the EulerOS-SA-2018-1244 advisory.

Descripción: Summary:
The remote host is missing an update for the Huawei EulerOS 'rsync' package(s) announced via the EulerOS-SA-2018-1244 advisory.

Vulnerability Insight:
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.(CVE-2017-17433)

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in 'xname follows' strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.(CVE-2017-17434)

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.(CVE-2018-5764)

Affected Software/OS:
'rsync' package(s) on Huawei EulerOS Virtualization 2.5.0.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-5764
BugTraq ID: 102803
http://www.securityfocus.com/bid/102803
https://security.gentoo.org/glsa/201805-04
https://lists.debian.org/debian-lts-announce/2018/01/msg00021.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
http://www.securitytracker.com/id/1040276
https://usn.ubuntu.com/3543-1/

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.2.2018.1244
Categoría:	Huawei EulerOS Local Security Checks
Título:	Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2018-1244)
Resumen:	The remote host is missing an update for the Huawei EulerOS 'rsync' package(s) announced via the EulerOS-SA-2018-1244 advisory.
Descripción:	Summary: The remote host is missing an update for the Huawei EulerOS 'rsync' package(s) announced via the EulerOS-SA-2018-1244 advisory. Vulnerability Insight: The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.(CVE-2017-17433) The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in 'xname follows' strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.(CVE-2017-17434) The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.(CVE-2018-5764) Affected Software/OS: 'rsync' package(s) on Huawei EulerOS Virtualization 2.5.0. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-5764 BugTraq ID: 102803 http://www.securityfocus.com/bid/102803 https://security.gentoo.org/glsa/201805-04 https://lists.debian.org/debian-lts-announce/2018/01/msg00021.html https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html http://www.securitytracker.com/id/1040276 https://usn.ubuntu.com/3543-1/
Copyright	Copyright (C) 2020 Greenbone Networks GmbH