CVE-2017-16548

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

References

https://bugzilla.samba.org/show_bug.cgi?id=13112

https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1

https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html

https://usn.ubuntu.com/3543-1/

https://usn.ubuntu.com/3543-2/

https://www.debian.org/security/2017/dsa-4068

Details

Source: MITRE

Published: 2017-11-06

Updated: 2020-05-01

Type: CWE-125

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:* versions up to 3.1.2 (inclusive)

Configuration 2

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Tenable Plugins

View all (17 total)

IDNameProductFamilySeverity
135659EulerOS Virtualization 3.0.2.2 : rsync (EulerOS-SA-2020-1497)NessusHuawei Local Security Checks
critical
128947EulerOS Virtualization for ARM 64 3.0.2.0 : rsync (EulerOS-SA-2019-1944)NessusHuawei Local Security Checks
critical
128098EulerOS 2.0 SP5 : rsync (EulerOS-SA-2019-1806)NessusHuawei Local Security Checks
critical
121775Photon OS 2.0: Rsync PHSA-2017-0051NessusPhotonOS Local Security Checks
critical
111901Photon OS 1.0: Binutils / Glibc / Linux / Mongodb / Openssh / Procmail / Python2 / Rsync PHSA-2017-0052 (deprecated)NessusPhotonOS Local Security Checks
critical
111900Photon OS 2.0: Libvirt / Linux / Openssh / Procmail / Python2 / Rsync PHSA-2017-0051 (deprecated)NessusPhotonOS Local Security Checks
critical
106565Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : rsync (SSA:2018-032-02)NessusSlackware Local Security Checks
critical
106295Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : rsync vulnerabilities (USN-3543-1)NessusUbuntu Local Security Checks
critical
106129SUSE SLED12 / SLES12 Security Update : rsync (SUSE-SU-2018:0118-1)NessusSuSE Local Security Checks
critical
106128SUSE SLES11 Security Update : rsync (SUSE-SU-2018:0117-1)NessusSuSE Local Security Checks
critical
106087GLSA-201801-16 : rsync: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
106063openSUSE Security Update : rsync (openSUSE-2018-34)NessusSuSE Local Security Checks
critical
105425Debian DLA-1218-1 : rsync security updateNessusDebian Local Security Checks
critical
105406FreeBSD : rsync -- multiple vulnerabilities (72fff788-e561-11e7-8097-0800271d4b9c)NessusFreeBSD Local Security Checks
critical
105332Debian DSA-4068-1 : rsync - security updateNessusDebian Local Security Checks
critical
105314EulerOS 2.0 SP2 : rsync (EulerOS-SA-2017-1333)NessusHuawei Local Security Checks
critical
105313EulerOS 2.0 SP1 : rsync (EulerOS-SA-2017-1332)NessusHuawei Local Security Checks
critical