Vulnerabilities > CVE-2018-5764

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
samba
debian
canonical
nessus

Summary

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

Vulnerable Configurations

Part Description Count
Application
Samba
170
OS
Debian
3
OS
Canonical
3

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0132_RSYNC.NASL
    descriptionAn update of the rsync package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121838
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121838
    titlePhoton OS 1.0: Rsync PHSA-2018-1.0-0132
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-1.0-0132. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    # Plugin registration block. It runs only when `description` is set,
    # registers the plugin's metadata with the scanner, and exits before any
    # host check is performed.
    if (description)
    {
      script_id(121838);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07");
    
      # The only CVE this plugin claims to cover.
      script_cve_id("CVE-2018-5764");
    
      script_name(english:"Photon OS 1.0: Rsync PHSA-2018-1.0-0132");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      # NOTE(review): the synopsis says "multiple security updates", but the
      # description and script_cve_id cover a single rsync update. Presumably
      # inherited from the combined PHSA-2018-1.0-0132 advisory text; confirm.
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the rsync package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-132.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      # NOTE(review): the severity metadata below does not describe
      # CVE-2018-5764. Both base vectors encode a local attack vector with
      # complete/high confidentiality, integrity and availability impact, and
      # cvss_score_source names CVE-2018-8822, which is not in script_cve_id.
      # The score looks carried over from another issue in the same advisory
      # (verify against PHSA-2018-1.0-0132). For triage, use the rating
      # published for CVE-2018-5764 itself rather than this plugin's severity.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8822");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # Vulnerability and patch dates are identical here; presumably both are
      # the advisory date rather than the CVE disclosure date. TODO confirm.
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");
    
      # "local" plugin type: the finding comes from package data collected on
      # the host, not from probing the rsync service over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:rsync");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The plugin needs the KB entries listed below, presumably populated by
      # ssh_get_info.nasl during a credentialed scan. Without them the check
      # cannot run, so a missing result is not evidence of a patched host.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check: confirm the target is a Photon OS 1.0 host with local package
    # data available, then compare the installed rsync packages against the
    # fixed builds. This is a package-version comparison only; it does not test
    # whether an rsync daemon is running or reachable on the host.
    
    # Stop early when credentialed (local) checks were not enabled for this host.
    local_checks_on = get_kb_item("Host/local_checks_enabled");
    if (!local_checks_on) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # The release string must identify Photon OS, and specifically version 1.0.
    photon_release = get_kb_item("Host/PhotonOS/release");
    if (isnull(photon_release) || photon_release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (photon_release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    # Without the collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386-i686 hosts are handled; anything else is audited out.
    host_arch = get_kb_item("Host/cpu");
    if (isnull(host_arch)) audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< host_arch || host_arch =~ "^i[3-6]86$")) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", host_arch);
    
    # Count the packages that rpm_check() flags against the fixed builds.
    # rpm_check() comes from rpm.inc; presumably it returns true when the
    # installed package is older than the reference. Verify against rpm.inc.
    outdated = 0;
    foreach fixed_build (make_list("rsync-3.1.3-1.ph1", "rsync-debuginfo-3.1.3-1.ph1"))
    {
      if (rpm_check(release:"PhotonOS-1.0", reference:fixed_build)) outdated++;
    }
    
    # At least one package was flagged: report it with the rpm comparison details.
    if (outdated)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    
    # Nothing was flagged: either the tested packages are at a fixed version,
    # or rsync is not installed at all.
    checked_pkgs = pkg_tests_get();
    if (checked_pkgs) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rsync");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-034101216D.NASL
    descriptionRemoving dependencies on systemd-units ---- New version 3.1.3, includes security fix for CVE-2018-5764 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-02-06
    plugin id106611
    published2018-02-06
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106611
    titleFedora 26 : rsync (2018-034101216d)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0132.NASL
    descriptionAn update of 'linux-esx', 'rsync', 'linux' packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111934
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111934
    titlePhoton OS 1.0: Linux / Rsync PHSA-2018-1.0-0132 (deprecated)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1944.NASL
    descriptionAccording to the versions of the rsync package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing
    last seen2020-06-01
    modified2020-06-02
    plugin id128947
    published2019-09-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128947
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : rsync (EulerOS-SA-2019-1944)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1049.NASL
    descriptionAccording to the version of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.(CVE-2018-5764) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-02-13
    plugin id106777
    published2018-02-13
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106777
    titleEulerOS 2.0 SP1 : rsync (EulerOS-SA-2018-1049)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0174-1.NASL
    descriptionThis update for rsync fixes one issue. This security issue was fixed : - CVE-2018-5764: The parse_arguments function in options.c did not prevent multiple --protect-args uses, which allowed remote attackers to bypass an argument-sanitization protection mechanism (bsc#1076503). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id106263
    published2018-01-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106263
    titleSUSE SLED12 / SLES12 Security Update : rsync (SUSE-SU-2018:0174-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1050.NASL
    descriptionAccording to the version of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.(CVE-2018-5764) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-02-13
    plugin id106778
    published2018-02-13
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106778
    titleEulerOS 2.0 SP2 : rsync (EulerOS-SA-2018-1050)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1247.NASL
    descriptionIt was discovered that there was an injection vulnerability in the rsync file-copying tool. For Debian 7
    last seen2020-03-17
    modified2018-01-19
    plugin id106174
    published2018-01-19
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106174
    titleDebian DLA-1247-1 : rsync security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1806.NASL
    descriptionAccording to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.(CVE-2018-5764) - The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing
    last seen2020-05-06
    modified2019-08-23
    plugin id128098
    published2019-08-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128098
    titleEulerOS 2.0 SP5 : rsync (EulerOS-SA-2019-1806)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-032-02.NASL
    descriptionNew rsync packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id106565
    published2018-02-02
    reporterThis script is Copyright (C) 2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/106565
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : rsync (SSA:2018-032-02)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1497.NASL
    descriptionAccording to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing
    last seen2020-04-30
    modified2020-04-16
    plugin id135659
    published2020-04-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135659
    titleEulerOS Virtualization 3.0.2.2 : rsync (EulerOS-SA-2020-1497)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0172-1.NASL
    descriptionThis update for rsync fixes one issue. This security issue was fixed : - CVE-2018-5764: The parse_arguments function in options.c did not prevent multiple --protect-args uses, which allowed remote attackers to bypass an argument-sanitization protection mechanism (bsc#1076503). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id106261
    published2018-01-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106261
    titleSUSE SLES11 Security Update : rsync (SUSE-SU-2018:0172-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0041.NASL
    descriptionAn update of {'ceph', 'linux-esx', 'rsync', 'linux', 'linux-secure', 'linux-aws'} packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111300
    published2018-07-24
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111300
    titlePhoton OS 2.0 : ceph / linux-esx / rsync / linux / linux-secure / linux-aws (PhotonOS-PHSA-2018-2.0-0041) (deprecated)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0041_RSYNC.NASL
    descriptionAn update of the rsync package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121943
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121943
    titlePhoton OS 2.0: Rsync PHSA-2018-2.0-0041
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-D0EBFAB3F3.NASL
    descriptionNew version 3.1.3, includes security fix for CVE-2018-5764 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-02-07
    plugin id106646
    published2018-02-07
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106646
    titleFedora 27 : rsync (2018-d0ebfab3f3)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-237.NASL
    descriptionThis update for rsync fixes one issue. This security issue was fixed : - CVE-2018-5764: The parse_arguments function in options.c did not prevent multiple --protect-args uses, which allowed remote attackers to bypass an argument-sanitization protection mechanism (bsc#1076503). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-03-09
    plugin id107244
    published2018-03-09
    reporterThis script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/107244
    titleopenSUSE Security Update : rsync (openSUSE-2018-237)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1725.NASL
    descriptionTrail of Bits used the automated vulnerability discovery tools developed for the DARPA Cyber Grand Challenge to audit zlib. As rsync, a fast, versatile, remote (and local) file-copying tool, uses an embedded copy of zlib, those issues are also present in rsync. CVE-2016-9840 In order to avoid undefined behavior, remove offset pointer optimization, as this is not compliant with the C standard. CVE-2016-9841 Only use post-increment to be compliant with the C standard. CVE-2016-9842 In order to avoid undefined behavior, do not shift negative values, as this is not compliant with the C standard. CVE-2016-9843 In order to avoid undefined behavior, do not pre-decrement a pointer in big-endian CRC calculation, as this is not compliant with the C standard. CVE-2018-5764 Prevent remote attackers from being able to bypass the argument-sanitization protection mechanism by ignoring --protect-args when already sent by client. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id123019
    published2019-03-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123019
    titleDebian DLA-1725-1 : rsync security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3543-1.NASL
    descriptionIt was discovered that rsync incorrectly handled certain data input. An attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2017-16548) It was discovered that rsync incorrectly parsed certain arguments. An attacker could possibly use this to bypass arguments and execute arbitrary code. (CVE-2018-5764). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id106295
    published2018-01-24
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106295
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 : rsync vulnerabilities (USN-3543-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1244.NASL
    descriptionAccording to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.(CVE-2017-17433) - The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in
    last seen2020-06-01
    modified2020-06-02
    plugin id117553
    published2018-09-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117553
    titleEulerOS Virtualization 2.5.0 : rsync (EulerOS-SA-2018-1244)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201805-04.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201805-04 (rsync: Arbitrary command execution) A vulnerability was discovered in rsync's parse_arguments function in options.c. Impact : Remote attackers could possibly execute arbitrary commands with the privilege of the process. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id109627
    published2018-05-09
    reporterThis script is Copyright (C) 2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/109627
    titleGLSA-201805-04 : rsync: Arbitrary command execution