[Bug 11949] New: A malicious sender can still use symlinks to overwrite files

Fri Jun 3 11:59:55 UTC 2016

https://bugzilla.samba.org/show_bug.cgi?id=11949

            Bug ID: 11949
           Summary: A malicious sender can still use symlinks to overwrite
                    files
           Product: rsync
           Version: 3.1.2
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: core
          Assignee: wayned at samba.org
          Reporter: vcizek at suse.com
        QA Contact: rsync-qa at samba.org

Commit 962f8b90045ab331fc04c9e65f80f1a53e68243b fixed an issue where malicious
servers can utilize a just sent symlink to overwrite arbitrary files
(CVE-2014-9512).
The check was implemented for the inc-recurse algorithm only.
An evil sender can bypass the check and still use the symlink vector by
negotiating protocol < 30.
You might consider fixing this in the non-incremental recursive algorithm as
well.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.