Executive Summary

Summary
Title rsync vulnerabilities
Informations
Name USN-4292-1 First vendor Publication 2020-02-25
Vendor Ubuntu Last vendor Modification 2020-02-25
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS - Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in rsync.

Software Description: - rsync: fast, versatile, remote (and local) file-copying tool

Details:

It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841)

It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9842)

It was discovered that rsync incorrectly handled vectors involving big-endian CRC calculation in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9843)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
rsync 3.1.2-2.1ubuntu1.1

Ubuntu 16.04 LTS:
rsync 3.1.1-3ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4292-1
CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843

Package Information:
https://launchpad.net/ubuntu/+source/rsync/3.1.2-2.1ubuntu1.1
https://launchpad.net/ubuntu/+source/rsync/3.1.1-3ubuntu1.3

Original Source

Url : http://www.ubuntu.com/usn/USN-4292-1

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 1
Application 1
Application 161
Application 2
Application 1
Application 3
Application 19
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 18
Application 1
Application 1
Application 2
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 176
Application 1
Application 3
Application 3
Application 472
Application 1
Application 21
Hardware 1
Os 167
Os 136
Os 49
Os 11
Os 2
Os 1
Os 2
Os 1
Os 2
Os 2
Os 2
Os 2

Nessus® Vulnerability Scanner

Date Description
2019-01-16 Name : The remote database server is affected by multiple vulnerabilities
File : mariadb_10_0_37.nasl - Type : ACT_GATHER_INFO
2019-01-03 Name : The remote Fedora host is missing a security update.
File : fedora_2018-55b875c1ac.nasl - Type : ACT_GATHER_INFO
2019-01-03 Name : The remote Fedora host is missing a security update.
File : fedora_2018-242f6c1a41.nasl - Type : ACT_GATHER_INFO
2018-12-07 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1116.nasl - Type : ACT_GATHER_INFO
2018-12-07 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1115.nasl - Type : ACT_GATHER_INFO
2018-12-07 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1114.nasl - Type : ACT_GATHER_INFO
2018-11-27 Name : The remote Fedora host is missing a security update.
File : fedora_2018-192148f4ff.nasl - Type : ACT_GATHER_INFO
2018-11-06 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2018-309-01.nasl - Type : ACT_GATHER_INFO
2018-10-22 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_ec5072b0d43a11e8a6d2b499baebfeaf.nasl - Type : ACT_GATHER_INFO
2018-10-19 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_8_0_13.nasl - Type : ACT_GATHER_INFO
2018-10-19 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_5_62.nasl - Type : ACT_GATHER_INFO
2018-10-19 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_6_42.nasl - Type : ACT_GATHER_INFO
2018-10-19 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_7_24.nasl - Type : ACT_GATHER_INFO
2018-08-17 Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2017-0021.nasl - Type : ACT_GATHER_INFO
2017-12-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-3453.nasl - Type : ACT_GATHER_INFO
2017-11-13 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-2989-1.nasl - Type : ACT_GATHER_INFO
2017-11-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-1269.nasl - Type : ACT_GATHER_INFO
2017-10-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-3047.nasl - Type : ACT_GATHER_INFO
2017-10-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-3046.nasl - Type : ACT_GATHER_INFO
2017-10-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-2999.nasl - Type : ACT_GATHER_INFO
2017-10-19 Name : The remote Unix host contains a programming platform that is affected by mult...
File : oracle_java_cpu_oct_2017_unix.nasl - Type : ACT_GATHER_INFO
2017-10-19 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_java_cpu_oct_2017.nasl - Type : ACT_GATHER_INFO
2017-10-03 Name : The remote host is missing a macOS update that fixes multiple security vulner...
File : macos_10_13.nasl - Type : ACT_GATHER_INFO
2017-09-13 Name : The version of Java SDK installed on the remote AIX host is affected by multi...
File : aix_java_apr2017_advisory.nasl - Type : ACT_GATHER_INFO
2017-07-27 Name : An infrastructure management application running on the remote host is affect...
File : ibm_tem_9_2_11_19.nasl - Type : ACT_GATHER_INFO
2017-05-31 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-1444-1.nasl - Type : ACT_GATHER_INFO
2017-05-24 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-1384-1.nasl - Type : ACT_GATHER_INFO
2017-05-24 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-1385-1.nasl - Type : ACT_GATHER_INFO
2017-05-24 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-1386-1.nasl - Type : ACT_GATHER_INFO
2017-05-24 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-1387-1.nasl - Type : ACT_GATHER_INFO
2017-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-1222.nasl - Type : ACT_GATHER_INFO
2017-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-1221.nasl - Type : ACT_GATHER_INFO
2017-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-1220.nasl - Type : ACT_GATHER_INFO
2017-01-23 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201701-56.nasl - Type : ACT_GATHER_INFO
2017-01-10 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-47.nasl - Type : ACT_GATHER_INFO
2017-01-10 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-46.nasl - Type : ACT_GATHER_INFO
2017-01-03 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-0004-1.nasl - Type : ACT_GATHER_INFO
2017-01-03 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-0003-1.nasl - Type : ACT_GATHER_INFO
2016-12-22 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-3209-1.nasl - Type : ACT_GATHER_INFO
2016-12-21 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1499.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2020-02-25 05:18:47
  • First insertion