ID CVE-2004-0426
Summary rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.
References
Vulnerable Configurations
  • cpe:2.3:a:andrew_tridgell:rsync:2.6
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200407-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-200407-10 (rsync: Directory traversal in rsync daemon) When rsyncd is used without chroot ('use chroot = false' in the rsyncd.conf file), the paths sent by the client are not checked thoroughly enough. If rsyncd is used with read-write permissions ('read only = false'), this vulnerability can be used to write files anywhere with the rights of the rsyncd daemon. With default Gentoo installations, rsyncd runs in a chroot, without write permissions and with the rights of the 'nobody' user. Impact : On affected configurations and if the rsync daemon runs under a privileged user, a remote client can exploit this vulnerability to completely compromise the host. Workaround : You should never set the rsync daemon to run with 'use chroot = false'. If for some reason you have to run rsyncd without a chroot, then you should not set 'read only = false'.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 14543
    published 2004-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14543
    title GLSA-200407-10 : rsync: Directory traversal in rsync daemon
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-499.NASL
    description A vulnerability was discovered in rsync, a file transfer program, whereby a remote user could cause an rsync daemon to write files outside of the intended directory tree. This vulnerability is not exploitable when the daemon is configured with the 'chroot' option.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15336
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15336
    title Debian DSA-499-2 : rsync - directory traversal
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2004-124-01.NASL
    description New rsync packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. When running an rsync server without the chroot option it is possible for an attacker to write outside of the allowed directory. Any sites running rsync in that mode should upgrade right away (and should probably look into using the chroot option as well).
    last seen 2019-02-21
    modified 2013-06-01
    plugin id 18768
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18768
    title Slackware 8.1 / 9.0 / 9.1 / current : rsync update (SSA:2004-124-01)
  • NASL family Misc.
    NASL id RSYNC_PATH_TRAVERSAL.NASL
    description The remote rsync server might be vulnerable to a path traversal issue. An attacker may use this flaw to gain access to arbitrary files hosted outside of a module directory.
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 12230
    published 2004-05-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12230
    title rsync Traversal Arbitrary File Creation
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_RSYNC_261.NASL
    description The following package needs to be updated: rsync
    last seen 2016-09-26
    modified 2004-07-06
    plugin id 12610
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12610
    title FreeBSD : rsync path traversal issue (168)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-192.NASL
    description An updated rsync package that fixes a directory traversal security flaw is now available. Rsync is a program for synchronizing files over a network. Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot. This could allow a remote attacker to write files outside of the module's 'path', depending on the privileges assigned to the rsync daemon. Users not running an rsync daemon, running a read-only daemon, or running a chrooted daemon are not affected by this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0426 to this issue. Users of Rsync are advised to upgrade to this updated package, which contains a backported patch and is not affected by this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12497
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12497
    title RHEL 2.1 / 3 : rsync (RHSA-2004:192)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_73EA07069C5711D893660020ED76EF5A.NASL
    description When running rsync in daemon mode, no checks were made to prevent clients from writing outside of a module's `path' setting.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 38112
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38112
    title FreeBSD : rsync path traversal issue (73ea0706-9c57-11d8-9366-0020ed76ef5a)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-042.NASL
    description Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path. The updated packages provide a patched rsync to correct this problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14141
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14141
    title Mandrake Linux Security Advisory : rsync (MDKSA-2004:042)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-116.NASL
    description Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot. This could allow a remote attacker to write files outside of the module's 'path', depending on the privileges assigned to the rsync daemon. Users not running an rsync daemon, running a read-only daemon, or running a chrooted daemon are not affected by this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0426 to this issue. Updated packages were made available in June 2004; however, the original update notification email did not make it to fedora-announce-list at that time. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 13695
    published 2004-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13695
    title Fedora Core 1 : rsync-2.5.7-5.fc1 (2004-116)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD20040907.NASL
    description The remote host is missing Security Update 2004-09-07. This security update fixes the following components : - CoreFoundation - IPSec - Kerberos - libpcap - lukemftpd - NetworkConfig - OpenLDAP - OpenSSH - PPPDialer - rsync - Safari - tcpdump These applications contain multiple vulnerabilities that may allow a remote attacker to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 14676
    published 2004-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14676
    title Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)
oval via4
  • accepted 2013-04-29T04:19:47.173-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.
    family unix
    id oval:org.mitre.oval:def:9495
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.
    version 25
  • accepted 2007-04-25T19:53:10.957-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    description rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.
    family unix
    id oval:org.mitre.oval:def:967
    status accepted
    submitted 2004-05-19T12:00:00.000-04:00
    title rsync Path Sanitation Vulnerability
    version 33
redhat via4
advisories
rhsa
id RHSA-2004:192
refmap via4
bid 10247
bugtraq 20040521 [OpenPKG-SA-2004.025] OpenPKG Security Advisory (rsync)
ciac
  • O-134
  • O-212
confirm http://rsync.samba.org/
debian DSA-499
gentoo GLSA-200407-10
mandrake MDKSA-2004:042
secunia
  • 11514
  • 11515
  • 11523
  • 11537
  • 11583
  • 11669
  • 11688
  • 11993
  • 12054
slackware SSA:2004-124-01
trustix TSL-2004-0024
xf rsync-write-files(16014)
Last major update 17-10-2016 - 22:45
Published 07-07-2004 - 00:00
Last modified 10-10-2017 - 21:29