[3.4] rsync: sanitization bypass in parse_argument in options.c (CVE-2018-5764)
ID: oval:org.secpod.oval:def:1800941 | Date: (C)2018-03-30 (M)2023-11-10 |
Class: PATCH | Family: unix |
A flaw was found in rsync versions before 3.1.3. The parse_argument function in options.c in the rsyncd component does not prevent multiple uses of --protect-args, which lets the user specify the argument in the protected-arg list and shortcut some of the argument-sanitizing code. This vulnerability allows remote attackers to bypass the argument-sanitization protection mechanism, which may lead to a privilege escalation vulnerability. Fixed in version: rsync 3.1.3.
Platform: |
Alpine Linux 3.4 |