CPE-07BB12DD-D335-4AEB-BA9C-0936C8B21016 Detail

CPE Details

Samba Rsync 3.0.3 Pre 2

Vendor

samba

Product

rsync

Version

3.0.3

Created

2020-04-28
15h11 +00:00

Modified

2020-04-28
15h11 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:samba:rsync:3.0.3:pre2::::::

Informations

Vendor

samba

Product

rsync

Version

3.0.3

Update

pre2

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2022-29154	2022-08-02 12h22 +00:00	An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).	7.4	High
CVE-2018-5764	2018-01-17 21h00 +00:00	The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.	7.5	High
CVE-2017-17434	2017-12-06 02h00 +00:00	The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.	9.8	Critical
CVE-2017-16548	2017-11-06 04h00 +00:00	The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.	9.8	Critical
CVE-2017-15994	2017-10-29 05h00 +00:00	rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.	9.8	Critical
CVE-2014-2855	2014-04-23 12h00 +00:00	The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.	7.8
CVE-2011-1097	2011-03-30 20h00 +00:00	rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.	5.1

Samba Rsync 3.0.3 Pre 2

CPE Details

CPE Name: cpe:2.3:a:samba:rsync:3.0.3:pre2:*:*:*:*:*:*

Informations

Vendor

Product

Version

Update

Related CVE

CPE Name: cpe:2.3:a:samba:rsync:3.0.3:pre2::::::