cpe:/a:samba:rsync:3.1.2 cpe:/o:debian:debian_linux:7.0 cpe:/o:debian:debian_linux:8.0 cpe:/o:debian:debian_linux:9.0 CVE-2017-17433 2017-12-05T22:29:00.217-05:00 2019-10-02T20:03:26.223-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2019-04-30T12:29:07.667-04:00 DEBIAN DSA-4068 MLIST [debian-lts-announce] 20171222 [SECURITY] [DLA 1218-1] rsync security update CONFIRM http://security.cucumberlinux.com/security/details.php?id=169 MISC https://bugzilla.redhat.com/show_bug.cgi?id=1522874#c4 MISC https://git.samba.org/?p=rsync.git;a=commit;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.