EPSS
Percentile
73.0%
rsync is vulnerable to access control bypass. The recv_files function in receiver.c does not check for a filename in the daemon_filter_list data structure, allowing remote attackers to bypass intended access restrictions.
recv_files function
receiver.c
daemon_filter_list
security.cucumberlinux.com/security/details.php?id=169
bugzilla.redhat.com/show_bug.cgi?id=1522874#c4
git.samba.org/?p=rsync.git;a=commit;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51
lists.debian.org/debian-lts-announce/2017/12/msg00020.html
www.debian.org/security/2017/dsa-4068