Argument Sanitization Bypass Vulnerability in Rsync by Samba
CVE-2018-5764

7.5HIGH

Key Information:

Vendor: Samba
Status: Rsync
Vendor: CVE Published:; 17 January 2018

🔔 Create Samba Vulnerability Alert

What is CVE-2018-5764?

The parse_arguments function in rsyncd before version 3.1.3 has a weakness where it does not restrict multiple uses of the --protect-args flag. This vulnerability can be exploited by remote attackers to circumvent the argument-sanitization mechanism, potentially allowing them to execute commands or gain unauthorized access to system resources.

References

https://lists.debian.org/debian-lts-announce/2018/01/msg0...

mailing-listx_refsource_MLIST

https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1040276

vdb-entryx_refsource_SECTRACK

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 17, 2018
Vulnerability Reserved
Jan 17, 2018

.