Wind River Support Network

HomeDefectsLIN9-5797

Fixed

LIN9-5797 : Security Advisory - rsync - CVE-2017-16548

Created: Nov 13, 2017 Updated: Dec 3, 2018

Resolved Date: Nov 29, 2017

Found In Version: 9.0.0.12

Fix Version: 9.0.0.13

Severity: Standard

Applicable for: Wind River Linux 9

Component/s: Userspace

Description

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

https://nvd.nist.gov/vuln/detail/CVE-2017-16548

Other Downloads

Wind River Linux 9.0.0.13
Wind River Linux 9.0.0.14
Wind River Linux 9.0.0.15
Wind River Linux 9.0.0.16
Wind River Linux 9.0.0.17
Wind River Linux 9.0.0.18
Wind River Linux 9.0.0.19
Wind River Linux 9.0.0.20
Wind River Linux 9.0.0.21
Wind River Linux 9.0.0.22
Wind River Linux 9.0.0.23
Wind River Linux 9.0.0.24
Wind River Linux 9.0.0.25
Wind River Linux 9.0.0.26

CVEs

CVE-2017-16548