[Bug 10936] Rsync path hijacking attack vulnerability
samba-bugs at samba.org
samba-bugs at samba.org
Mon Dec 1 00:16:16 MST 2014
https://bugzilla.samba.org/show_bug.cgi?id=10936
--- Comment #6 from gaojianfeng <gaojianfeng at baidu.com> ---
(In reply to Wayne Davison from comment #3)
yes ! In newest version rsync(3.1.1),directly modify the file path into
absolute path is
not hijack succeed due to the security checks,but using symbolic links still
can bypass
security checks and spoofing client.
A new bug I submitted :https://bugzilla.samba.org/show_bug.cgi?id=10977
--
You are receiving this mail because:
You are the QA Contact for the bug.
More information about the rsync
mailing list