A flaw was found in rsync versions before 3.1.3. The parse_argument function in options.c in the rsyncd component does not prevent multiple uses of --protect-args, which lets a user specify an argument in the protected-arg list and bypass part of the argument-sanitizing code. This vulnerability allows remote attackers to bypass the argument-sanitization protection mechanism, which may lead to privilege escalation.
References: https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS
Patch: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07
Created rsync tracking bugs for this issue: Affects: fedora-all [bug 1536662]
Statement: This issue affects the versions of rsync as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.