A flaw was found in rsync verions before 3.1.3. The parse_argument function in options.c in rsyncd component does not prevent multiple --protect-args uses. Thus letting the user to specify the arg in the protected-arg list and shortcut some of the arg-sanitizing code. This vulnerability allows remote attackers to bypass the argument-sanitization protection mechanism, which may lead to a privilege escalation vulnerability.
Created rsync tracking bugs for this issue:
Affects: fedora-all [bug 1536662]
This issue affects the versions of rsync as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.