Vulnerability details: VCID-ny7m-9nme-aaap
Vulnerability ID VCID-ny7m-9nme-aaap
Aliases CVE-2017-17433
Summary The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17433.html
cvssv3 4.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17433.json
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2017-17433
epss 0.00507 https://api.first.org/data/v1/epss?cve=CVE-2017-17433
epss 0.01555 https://api.first.org/data/v1/epss?cve=CVE-2017-17433
epss 0.01811 https://api.first.org/data/v1/epss?cve=CVE-2017-17433
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1522874
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434
cvssv2 4.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 5.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2017-17433
cvssv3 3.7 https://nvd.nist.gov/vuln/detail/CVE-2017-17433
archlinux Critical https://security.archlinux.org/AVG-542
generic_textual Medium https://ubuntu.com/security/notices/USN-3506-1
generic_textual Medium https://ubuntu.com/security/notices/USN-3506-2
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17433.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17433.json
https://api.first.org/data/v1/epss?cve=CVE-2017-17433
https://bugzilla.redhat.com/show_bug.cgi?id=1522874#c4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434
http://security.cucumberlinux.com/security/details.php?id=169
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://git.samba.org/?p=rsync.git;a=commit;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51
https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html
https://ubuntu.com/security/notices/USN-3506-1
https://ubuntu.com/security/notices/USN-3506-2
https://www.debian.org/security/2017/dsa-4068
1522874 https://bugzilla.redhat.com/show_bug.cgi?id=1522874
883667 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883667
ASA-201801-21 https://security.archlinux.org/ASA-201801-21
AVG-542 https://security.archlinux.org/AVG-542
cpe:2.3:a:samba:rsync:3.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:rsync:3.1.2:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2017-17433 https://nvd.nist.gov/vuln/detail/CVE-2017-17433
GLSA-201801-16 https://security.gentoo.org/glsa/201801-16
USN-3506-1 https://usn.ubuntu.com/3506-1/
USN-3506-2 https://usn.ubuntu.com/3506-2/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17433.json
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-17433
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-17433
Exploit Prediction Scoring System (EPSS)
Percentile 0.73460
EPSS Score 0.00380
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.