CVE-2017-8805

9.1 CRITICAL

📋 TL;DR

This vulnerability in Debian's ftpsync tool allows remote attackers to perform directory traversal attacks when syncing from malicious upstream mirrors. Attackers can write files outside the intended directory structure, potentially compromising the mirror server. This affects Debian systems using ftpsync for mirror synchronization.

💻 Affected Systems

Products:
  • Debian ftpsync
Versions: All versions before 20171017
Operating Systems: Debian Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using ftpsync for mirror synchronization, typically Debian mirror administrators.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the mirror server through arbitrary file writes, potentially leading to remote code execution, data theft, or server takeover.

🟠 Likely Case

Unauthorized file writes to sensitive directories, potentially enabling privilege escalation or persistence mechanisms.

🟢 If Mitigated

Limited to file writes within controlled directories if proper access controls and monitoring are in place.

🌐 Internet-Facing: HIGH - ftpsync typically connects to external mirrors over the internet, exposing the vulnerability to remote exploitation.
🏢 Internal Only: MEDIUM - Could be exploited if internal mirrors are compromised or malicious.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires controlling or compromising an upstream mirror that the vulnerable ftpsync connects to.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 20171017 and later

Vendor Advisory: https://lists.debian.org/debian-mirrors/2017/10/msg00017.html

Restart Required: No

Instructions:

1. Update the ftpsync package to version 20171017 or later.
2. For Debian systems: 'apt-get update && apt-get install ftpsync'.
3. Verify the fix by checking the version.

🔧 Temporary Workarounds

Manual rsync with --safe-links (linux)

Manually run rsync with the --safe-links option instead of using the vulnerable ftpsync.

rsync --safe-links [other options] source destination

Network segmentation (all)

Restrict ftpsync to only connect to trusted upstream mirrors.

🧯 If You Can't Patch

  • Implement strict network controls to only allow ftpsync connections to verified trusted mirrors
  • Monitor file system changes in directories where ftpsync writes and implement file integrity monitoring
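
Added example (not part of the original advisory or of ftpsync itself): a shell function that audits an existing mirror tree for symlinks that are absolute or resolve outside the tree, the kind of link rsync's --safe-links option ignores. It assumes GNU coreutils (realpath -m, readlink); the function name and the ABSOLUTE/ESCAPES labels are hypothetical, and the check resolves paths on disk rather than reproducing rsync's own logic.

```sh
#!/bin/sh
# Added example: report symlinks in a mirror tree that point outside it.
# Assumes GNU coreutils (realpath -m, readlink), as shipped on Debian.

audit_mirror_symlinks() {
    # Canonicalise the root so the prefix comparison below is reliable.
    root=$(realpath -- "$1") || return 2
    # find passes each symlink to the inner shell as an argument, which is
    # safe for names containing spaces or newlines.
    find "$root" -type l -exec sh -c '
        root=$1; shift
        for link in "$@"; do
            target=$(readlink -- "$link")
            rel=${link#"$root"/}
            case $target in
                /*) # absolute target, never confined to the tree
                    printf "ABSOLUTE %s -> %s\n" "$rel" "$target"
                    continue ;;
            esac
            # Resolve relative to the link directory; -m tolerates
            # targets that do not exist on this host.
            resolved=$(realpath -m -- "$(dirname -- "$link")/$target")
            case $resolved in
                "$root"|"$root"/*) ;;   # stays inside the tree
                *) printf "ESCAPES %s -> %s\n" "$rel" "$target" ;;
            esac
        done
    ' sh "$root" {} +
}

# Usage: sh audit.sh /path/to/mirror   (the path is a placeholder)
if [ "$#" -gt 0 ]; then
    audit_mirror_symlinks "$1"
fi
```

Any line of output on a tree that was synced before the fix is worth reviewing by hand, since legitimate archive symlinks normally stay inside the mirror root.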

🔍 How to Verify

Check if Vulnerable:

Check ftpsync version: 'dpkg -l ftpsync' or check if rsync is called without --safe-links in ftpsync scripts

Check Version:

dpkg -l ftpsync | grep ftpsync

Verify Fix Applied:

Verify ftpsync version is 20171017 or later and that rsync commands include --safe-links option

📡 Detection & Monitoring

Log Indicators:

  • Unusual file writes outside expected mirror directories
  • Rsync operations without --safe-links flag

Network Indicators:

  • Rsync connections to untrusted or unknown mirrors

SIEM Query:

source="syslog" AND "rsync" AND NOT "--safe-links"
