ID CVE-2004-0426
Summary rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.
References
Vulnerable Configurations
  • cpe:2.3:a:andrew_tridgell:rsync:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector Complexity Authentication
NETWORK LOW NONE
Impact
Confidentiality Integrity Availability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
oval via4
  • accepted 2013-04-29T04:19:47.173-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.
    family unix
    id oval:org.mitre.oval:def:9495
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.
    version 25
  • accepted 2007-04-25T19:53:10.957-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    description rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.
    family unix
    id oval:org.mitre.oval:def:967
    status accepted
    submitted 2004-05-19T12:00:00.000-04:00
    title rsync Path Sanitation Vulnerability
    version 33
redhat via4
advisories
rhsa
id RHSA-2004:192
refmap via4
bid 10247
bugtraq 20040521 [OpenPKG-SA-2004.025] OpenPKG Security Advisory (rsync)
ciac
  • O-134
  • O-212
confirm http://rsync.samba.org/
debian DSA-499
gentoo GLSA-200407-10
mandrake MDKSA-2004:042
secunia
  • 11514
  • 11515
  • 11523
  • 11537
  • 11583
  • 11669
  • 11688
  • 11993
  • 12054
slackware SSA:2004-124-01
trustix TSL-2004-0024
xf rsync-write-files(16014)
Last major update 11-10-2017 - 01:29
Published 07-07-2004 - 04:00