[Bug 11949] New: A malicious sender can still use symlinks to overwrite files
samba-bugs at samba.org
Fri Jun 3 11:59:55 UTC 2016
https://bugzilla.samba.org/show_bug.cgi?id=11949
Bug ID: 11949
Summary: A malicious sender can still use symlinks to overwrite files
Product: rsync
Version: 3.1.2
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: core
Assignee: wayned at samba.org
Reporter: vcizek at suse.com
QA Contact: rsync-qa at samba.org
Commit 962f8b90045ab331fc04c9e65f80f1a53e68243b fixed an issue where malicious
servers can utilize a just sent symlink to overwrite arbitrary files
(CVE-2014-9512).
The check was implemented for the inc-recurse algorithm only.
An evil sender can bypass the check and still use the symlink vector by
negotiating protocol < 30.
You might consider fixing this in the non-incremental recursive algorithm as
well.
--
You are receiving this mail because:
You are the QA Contact for the bug.
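
As an added illustration, not part of the original report and not rsync's code: a receiver-side check over a complete (non-incrementally received) file list that flags any entry whose path passes through a symlink declared in the same list. The `struct entry` layout and the function names are hypothetical, and the check assumes a legitimate sender never lists paths beneath an entry it declares as a symlink.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified file-list entry; not rsync's own file structure. */
struct entry {
    const char *path;   /* relative path as announced by the sender */
    int is_symlink;     /* non-zero if the sender declared it a symlink */
};

/* Return 1 if `path` lies strictly below `dir`, i.e. `dir` is a prefix that
 * ends on a '/' boundary: "a/b" is below "a", but "ab" is not. */
static int is_below(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    return n > 0 && strncmp(path, dir, n) == 0 && path[n] == '/';
}

/* Scan a complete file list. Return the index of the first entry whose path
 * passes through a symlink declared anywhere in the same list, or -1 if no
 * such entry exists. O(n^2) for clarity; a sorted list allows a single pass. */
int find_symlink_traversal(const struct entry *list, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        for (size_t j = 0; j < count; j++) {
            if (j != i && list[j].is_symlink &&
                is_below(list[i].path, list[j].path))
                return (int)i;
        }
    }
    return -1;
}

/* Constructed sample lists (not taken from the bug report). */
static const struct entry clean_list[] = {
    { "docs", 0 }, { "docs/readme.txt", 0 }, { "link", 1 }, { "linker/file", 0 },
};
static const struct entry bad_list[] = {
    { "docs", 0 }, { "link", 1 }, { "link/target.conf", 0 },
};

int main(void)
{
    printf("clean list: %d\n", find_symlink_traversal(clean_list, 4));
    printf("bad list:   %d\n", find_symlink_traversal(bad_list, 3));
    return 0;
}
```

A receiver applying this kind of check would refuse the transfer when the result is not -1, regardless of which protocol version was negotiated.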