GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Tue May 08, 2018 4:26 pm Post subject: [ GLSA 201805-04 ] rsync |
|
|
Gentoo Linux Security Advisory
Title: rsync: Arbitrary command execution (GLSA 201805-04)
Severity: normal
Exploitable: remote
Date: 2018-05-08
Bug(s): #646818
ID: 201805-04
Synopsis
A vulnerability in rsync might allow remote attackers to execute
arbitrary commands.
Background
File transfer program to keep remote files into sync.
Affected Packages
Package: net-misc/rsync
Vulnerable: < 3.1.3
Unaffected: >= 3.1.3
Architectures: All supported architectures
Description
A vulnerability was discovered in rsync’s parse_arguments function in
options.c.
Impact
Remote attackers could possibly execute arbitrary commands with the
privilege of the process.
Workaround
There is no known workaround at this time.
Resolution
All rsync users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/rsync-3.1.3"
|
References
CVE-2018-5764 |
|