https://bugzilla.samba.org/show_bug.cgi?id=11949
Bug ID: 11949
Summary: A malicious sender can still use symlinks to overwrite files
Product: rsync
Version: 3.1.2
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: core
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
Commit 962f8b90045ab331fc04c9e65f80f1a53e68243b fixed an issue where malicious
servers can utilize a just-sent symlink to overwrite arbitrary files
(CVE-2014-9512).
The check was implemented for the inc-recurse algorithm only.
An evil sender can bypass the check and still use the symlink vector by
negotiating protocol < 30.
You might consider fixing this in the non-incremental recursive algorithm as
well.