[3.6] rsync: sanitization bypass in parse_argument in options.c (CVE-2018-5764)
A flaw was found in rsync verions before 3.1.3. The parse_argument
function in options.c in rsyncd component does not prevent multiple
—protect-args uses.
Thus letting the user to specify the arg in the protected-arg list and
shortcut some of the arg-sanitizing code. This vulnerability allows
remote attackers to
bypass the argument-sanitization protection mechanism, which may lead to
a privilege escalation vulnerability.
Fixed In Version:
rsync 3.1.3
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-5764
https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS
Patch:
https://git.samba.org/rsync.git/?p=rsync.git;a=patch;h=7706303828fcde524222babb2833864a4bd09e07
(from redmine: issue id 8677, created on 2018-03-19, closed on 2018-03-20)
- Relations:
- copied_to #8675 (closed)
- parent #8675 (closed)
- Changesets:
- Revision 715507dc by Natanael Copa on 2018-03-20T12:14:18Z:
main/rsync: security upgrade to 3.1.3 (CVE-2018-5764)
fixes #8677