
New checker: rsync

Open terriko opened this issue 6 years ago • 4 comments

New checker request: rsync

Source code: Please add links in the comments so this issue can be updated

CVE data: Please add links in the comments so this issue can be updated

Instructions: How to add a new checker to the CVE Binary Tool

terriko, Feb 05 '19 20:02

Using strings works with .so files. But what is the correct way for applications like rsync? Typing rsync --version gives:

rsync  version 2.6.9  protocol version 29
Copyright (C) 1996-2006 by Andrew Tridgell, Wayne Davison, and others.
<http://rsync.samba.org/>
Capabilities: 64-bit files, socketpairs, hard links, symlinks, batchfiles,
              inplace, IPv6, 64-bit system inums, 64-bit internal inums

rsync comes with ABSOLUTELY NO WARRANTY.  This is free software, and you
are welcome to redistribute it under certain conditions.  See the GNU
General Public Licence for details.

PrajwalM2212, Feb 09 '19 15:02

Strings works on binaries, even executable ones! Try it on /usr/bin/rsync or wherever it lives on your system.

terriko, Feb 09 '19 18:02

As discussed in #57, it turns out that rsync doesn't have a particularly convenient version string we can use to do the same trick we've been doing with other libraries, so we're getting messy results from the checker. I think we should leave this one for now and move on.

terriko, Feb 13 '19 00:02

Incidentally, I noted in #61 that sqlite had the same problem. Thankfully in that case, they had ids that were searchable (even though they didn't include the version string).

terriko, Feb 15 '19 01:02
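
The strings-based approach discussed in this thread, as an added example that is not part of the original issue and is not cve-bin-tool's own checker code. The byte blob, the `otherlib` entry, both regular expressions and all function names are constructed for illustration; the thread does not say what made the real rsync results messy, so the ambiguity shown here is only one way a loose pattern can go wrong.

```python
import re

# Constructed sample standing in for part of an executable.
# It is NOT taken from a real rsync build; the banner text mirrors the
# `rsync --version` output quoted in the thread, and "otherlib" is invented.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"rsync  version 2.6.9  protocol version 29\x00"
    + b"\x01\x02\x03otherlib 1.2.3\x00\xff\xfe"
    + b"Copyright (C) 1996-2006 by Andrew Tridgell\x00"
    + b"ab\x00"
)

# Loose signature: any dotted triple. Matches every component's version.
LOOSE = re.compile(r"\b(\d+\.\d+\.\d+)\b")
# Anchored signature: the version must follow the product name.
ANCHORED = re.compile(r"rsync\s+version\s+(\d+\.\d+\.\d+)")


def printable_strings(data, min_len=4):
    """Yield runs of printable ASCII of at least min_len bytes, like strings(1)."""
    for match in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield match.group().decode("ascii")


def find_versions(data, pattern):
    """Return the sorted, de-duplicated versions that pattern finds in data."""
    hits = set()
    for text in printable_strings(data):
        hits.update(pattern.findall(text))
    return sorted(hits)


def is_unambiguous(data, pattern):
    """A checker result is only usable when exactly one version is found."""
    return len(find_versions(data, pattern)) == 1


if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("anchored", ANCHORED)):
        versions = find_versions(SAMPLE, pattern)
        print(f"{name:9} -> {versions} unambiguous={is_unambiguous(SAMPLE, pattern)}")
```

To try it on a real file, pass `open(path, "rb").read()` in place of `SAMPLE`; whether the anchored pattern matches depends on what that particular binary actually embeds.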