[Bug 10977] Rsync path spoofing attack vulnerability (rsync 3.1.1 tested)
samba-bugs at samba.org
Wed Dec 31 15:05:51 MST 2014
https://bugzilla.samba.org/show_bug.cgi?id=10977
Wayne Davison <wayned at samba.org> changed:
What   |Removed |Added
----------------------------------------------------------------------------
Status |NEW     |ASSIGNED
--- Comment #1 from Wayne Davison <wayned at samba.org> ---
The latest git now has a fix for this exploit in an inc-recursive transfer (the
default). See commit: 962f8b90045ab331fc04c9e65f80f1a53e68243b
A transfer with --no-inc-recursive set (or an option that implies it) will sort
the filenames wrong, so it would take some more malicious-sender helper code to
deal with that, but it should be possible. I'll be looking at how best to deal
with that code path next.