7.5

CVE-2018-5764

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaRsync Version < 3.1.3
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.34% 0.928
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/3543-1/
Third Party Advisory
http://www.securityfocus.com/bid/102803
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040276
Third Party Advisory
VDB Entry
https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS
Vendor Advisory
Release Notes
https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3Bh=7706303828fcde524222babb2833864a4bd09e07
https://lists.debian.org/debian-lts-announce/2018/01/msg00021.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2021/11/msg00028.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/201805-04
Third Party Advisory