CVE-2017-16548 — CRITICAL (9.8)

Q: How severe is CVE-2017-16548?

CVE-2017-16548 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2017-16548?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Rsync, Canonical Ubuntu Linux, Debian Debian Linux.

Vulnerability Description

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Samba	Rsync	<= 3.1.2
Canonical	Ubuntu Linux	12.04
Debian	Debian Linux	7.0

Related Weaknesses (CWE)

CWE-125

References

https://bugzilla.samba.org/show_bug.cgi?id=13112Issue Tracking
https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3Bh=47a63d90e71d3e19e0e9
https://lists.debian.org/debian-lts-announce/2017/12/msg00020.htmlThird Party Advisory
https://usn.ubuntu.com/3543-1/Third Party Advisory
https://usn.ubuntu.com/3543-2/Third Party Advisory
https://www.debian.org/security/2017/dsa-4068Third Party Advisory
https://bugzilla.samba.org/show_bug.cgi?id=13112Issue Tracking
https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3Bh=47a63d90e71d3e19e0e9
https://lists.debian.org/debian-lts-announce/2017/12/msg00020.htmlThird Party Advisory
https://usn.ubuntu.com/3543-1/Third Party Advisory
https://usn.ubuntu.com/3543-2/Third Party Advisory
https://www.debian.org/security/2017/dsa-4068Third Party Advisory

FAQ

What is CVE-2017-16548?

CVE-2017-16548 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (h...

How severe is CVE-2017-16548?

CVE-2017-16548 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-16548?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Rsync, Canonical Ubuntu Linux, Debian Debian Linux.