CVE-2018-5764

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
Severity
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
sambarsync
𝑥
< 3.1.3
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rsync
bullseye
3.2.3-4+deb11u1
fixed
bookworm
3.2.7-1
fixed
sid
3.3.0-1
fixed
trixie
3.3.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rsync
artful
Fixed 3.1.2-2ubuntu0.2
released
xenial
Fixed 3.1.1-3ubuntu1.2
released
trusty
Fixed 3.1.0-2ubuntu0.4
released