|Category:||Ubuntu Local Security Checks|
|Title:||Ubuntu Update for rsync USN-3506-1|
|Summary:||The remote host is missing an update for the 'rsync'; package(s) announced via the USN-3506-1 advisory.|
The remote host is missing an update for the 'rsync'
package(s) announced via the USN-3506-1 advisory.
It was discovered that rsync proceeds with certain file metadata
updates before checking for a filename. An attacker could use this to
bypass access restrictions. (CVE-2017-17433)
It was discovered that rsync does not check for fnamecmp filenames and
also does not apply the sanitize_paths protection mechanism to
pathnames. An attacker could use this to bypass access restrictions.
rsync on Ubuntu 17.10,
Ubuntu 16.04 LTS,
Ubuntu 14.04 LTS.
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2017-17433|
Common Vulnerability Exposure (CVE) ID: CVE-2017-17434
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 72306 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.