CVE-2017-15994 — Improper Validation of Integrity Check Value in Samba Rsync

CWE-354 — Improper Validation of Integrity Check Value CWE-284 — Improper Access Control9 documents6 sources

Severity

9.8CRITICALNVD

EPSS

0.1%

top 67.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Rsync

Timeline

PublishedOct 29

Latest updateMay 13

Description

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDsamba/rsync3.1.2

🔴Vulnerability Details

GHSA

GHSA-m83x-3x2c-26q8: rsync 3↗2022-05-13

▶

CVEList

CVE-2017-15994: rsync 3↗2017-10-29

▶

📋Vendor Advisories

Red Hat

rsync: Mishandles archaic checksums↗2017-10-24

▶

Debian

CVE-2017-15994: rsync - rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which ma...↗2017

▶

💬Community

Bugzilla

CVE-2017-15994 rsync: Mishandles archaic checksums↗2017-11-21

▶

Bugzilla

CVE-2017-15994 CVE-2017-16548 rsync-bpc: various flaws [fedora-all]↗2017-11-09

▶

Bugzilla

CVE-2017-15994 CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 rsync: various flaws [fedora-all]↗2017-11-09

▶

Bugzilla

CVE-2017-15994 CVE-2017-16548 rsync-bpc: various flaws [epel-7]↗2017-11-09

▶