CVE-2018-5764 — Command Injection in Samba Rsync

CWE-77 — Command Injection11 documents8 sources

Severity

7.5HIGHNVD

OSV9.8

EPSS

10.1%

top 6.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Rsync Canonical Ubuntu Linux Debian Linux

Timeline

PublishedJan 17

Latest updateMay 13

Description

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDsamba/rsync< 3.1.3

▶Debiansamba/rsync< 3.1.2-2.2+3

▶Ubuntusamba/rsync< 3.1.0-2ubuntu0.4+1

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10

🔴Vulnerability Details

GHSA

GHSA-qp2v-jrh4-vgj2: The parse_arguments function in options↗2022-05-13

▶

OSV

rsync vulnerabilities↗2018-01-23

▶

OSV

CVE-2018-5764: The parse_arguments function in options↗2018-01-17

▶

CVEList

CVE-2018-5764: The parse_arguments function in options↗2018-01-17

▶

📋Vendor Advisories

Ubuntu

rsync vulnerabilities↗2018-01-23

▶

Ubuntu

rsync vulnerabilities↗2018-01-23

▶

Red Hat

rsync: sanitization bypass in parse_argument in options.c↗2018-01-17

▶

Debian

CVE-2018-5764: rsync - The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does n...↗2018

▶

💬Community

Bugzilla

CVE-2018-5764 rsync: sanitization bypass in parse_argument in options.c↗2018-01-19

▶

Bugzilla

CVE-2018-5764 rsync: sanitization bypass in parse_argument in oprions.c [fedora-all]↗2018-01-19

▶