ID CVE-2007-6199
Summary rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
References
Vulnerable Configurations
  • Slackware Linux 8.1
    cpe:2.3:o:slackware:slackware_linux:8.1
  • Slackware Linux 9.0
    cpe:2.3:o:slackware:slackware_linux:9.0
  • Slackware Linux 9.1
    cpe:2.3:o:slackware:slackware_linux:9.1
  • Slackware Linux 10.0
    cpe:2.3:o:slackware:slackware_linux:10.0
  • Slackware Linux 10.1
    cpe:2.3:o:slackware:slackware_linux:10.1
  • Slackware Linux 10.2
    cpe:2.3:o:slackware:slackware_linux:10.2
  • Slackware Linux 11.0
    cpe:2.3:o:slackware:slackware_linux:11.0
  • Slackware Linux 12.0
    cpe:2.3:o:slackware:slackware_linux:12.0
  • cpe:2.3:a:rsync:rsync:2.3.1
    cpe:2.3:a:rsync:rsync:2.3.1
  • cpe:2.3:a:rsync:rsync:2.3.2
    cpe:2.3:a:rsync:rsync:2.3.2
  • cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha
    cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha
  • cpe:2.3:a:rsync:rsync:2.3.2_1.2arm
    cpe:2.3:a:rsync:rsync:2.3.2_1.2arm
  • cpe:2.3:a:rsync:rsync:2.3.2_1.2intel
    cpe:2.3:a:rsync:rsync:2.3.2_1.2intel
  • cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k
    cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k
  • cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc
    cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc
  • cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc
    cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc
  • cpe:2.3:a:rsync:rsync:2.3.2_1.3
    cpe:2.3:a:rsync:rsync:2.3.2_1.3
  • cpe:2.3:a:rsync:rsync:2.4.0
    cpe:2.3:a:rsync:rsync:2.4.0
  • cpe:2.3:a:rsync:rsync:2.4.1
    cpe:2.3:a:rsync:rsync:2.4.1
  • cpe:2.3:a:rsync:rsync:2.4.3
    cpe:2.3:a:rsync:rsync:2.4.3
  • cpe:2.3:a:rsync:rsync:2.4.4
    cpe:2.3:a:rsync:rsync:2.4.4
  • cpe:2.3:a:rsync:rsync:2.4.5
    cpe:2.3:a:rsync:rsync:2.4.5
  • cpe:2.3:a:rsync:rsync:2.4.6
    cpe:2.3:a:rsync:rsync:2.4.6
  • cpe:2.3:a:rsync:rsync:2.4.8
    cpe:2.3:a:rsync:rsync:2.4.8
  • cpe:2.3:a:rsync:rsync:2.5.0
    cpe:2.3:a:rsync:rsync:2.5.0
  • cpe:2.3:a:rsync:rsync:2.5.1
    cpe:2.3:a:rsync:rsync:2.5.1
  • cpe:2.3:a:rsync:rsync:2.5.2
    cpe:2.3:a:rsync:rsync:2.5.2
  • cpe:2.3:a:rsync:rsync:2.5.3
    cpe:2.3:a:rsync:rsync:2.5.3
  • cpe:2.3:a:rsync:rsync:2.5.4
    cpe:2.3:a:rsync:rsync:2.5.4
  • cpe:2.3:a:rsync:rsync:2.5.5
    cpe:2.3:a:rsync:rsync:2.5.5
  • cpe:2.3:a:rsync:rsync:2.5.6
    cpe:2.3:a:rsync:rsync:2.5.6
  • cpe:2.3:a:rsync:rsync:2.5.7
    cpe:2.3:a:rsync:rsync:2.5.7
  • cpe:2.3:a:rsync:rsync:2.6
    cpe:2.3:a:rsync:rsync:2.6
  • cpe:2.3:a:rsync:rsync:2.6.1
    cpe:2.3:a:rsync:rsync:2.6.1
  • cpe:2.3:a:rsync:rsync:2.6.2
    cpe:2.3:a:rsync:rsync:2.6.2
  • cpe:2.3:a:rsync:rsync:2.6.5
    cpe:2.3:a:rsync:rsync:2.6.5
  • cpe:2.3:a:rsync:rsync:2.6.6
    cpe:2.3:a:rsync:rsync:2.6.6
  • cpe:2.3:a:rsync:rsync:2.6.7
    cpe:2.3:a:rsync:rsync:2.6.7
  • cpe:2.3:a:rsync:rsync:2.6.8
    cpe:2.3:a:rsync:rsync:2.6.8
  • cpe:2.3:a:rsync:rsync:2.6.9
    cpe:2.3:a:rsync:rsync:2.6.9
CVSS
Base: 9.3 (as of 03-12-2007 - 10:06)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_RSYNC-4798.NASL
    description This update fixes a bug in rsync that allowed remote attackers to access restricted files outside a module's hierarchy if no chroot setup was used. (CVE-2007-6199) Please read http://rsync.samba.org/security.html entry from November 28th, 2007 to get more information about a secure configuration of rsync that also covers the bug tracked with CVE-2007-6200. This update also fixes some crashes that only affect rsync-2.6.8 on SLES10.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 29790
    published 2007-12-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29790
    title SuSE 10 Security Update : rsync (ZYPP Patch Number 4798)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-011.NASL
    description rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. (CVE-2007-6199) Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options. (CVE-2007-6200) This update fixes these issues. It is recommended users (specially system and network administrators) read the manpage about the introduced munge symlinks feature. This update also upgrades rsync to version 2.6.9 for all Mandriva Linux versions earlier than 2008.0.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 36432
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36432
    title Mandriva Linux Security Advisory : rsync (MDVSA-2008:011)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL15549.NASL
    description rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 83004
    published 2015-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83004
    title F5 Networks BIG-IP : Rsync vulnerability (SOL15549)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_RSYNC-4793.NASL
    description This update fixes a bug in rsync that allowed remote attackers to access restricted files outside a module's hierarchy if no chroot setup was used. (CVE-2007-6199) Please read http://rsync.samba.org/security.html entry from November 28th, 2007 to get more information about a secure configuration of rsync that also covers the bug tracked with CVE-2007-6200. This update also fixes some crashes that only affect rsync-2.6.8 on SLES10.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 29789
    published 2007-12-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29789
    title openSUSE 10 Security Update : rsync (rsync-4793)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12038.NASL
    description This update fixes a bug in rsync that allowed remote attackers to access restricted files outside a module's hierarchy if no chroot setup was used. (CVE-2007-6199) Please read http://rsync.samba.org/security.html entry from November 28th, 2007 to get more information about a secure configuration of rsync that also covers the bug tracked with CVE-2007-6200. This update also fixes some crashes that only affect rsync-2.6.8 on SLES10. This is a reissue of another post-SP4 rsync update.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41181
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41181
    title SuSE9 Security Update : rsync (YOU Patch Number 12038)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-005.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-005 applied. This update contains security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 33790
    published 2008-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33790
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-005)
refmap via4
apple APPLE-SA-2008-07-31
bid 26638
bugtraq 20080212 FLEA-2008-0004-1 rsync
confirm
mandriva MDVSA-2008:011
sectrack 1019012
secunia
  • 27853
  • 27863
  • 28412
  • 28457
  • 31326
  • 61005
suse SUSE-SR:2008:001
vupen
  • ADV-2007-4057
  • ADV-2008-2268
statements via4
contributor Mark J Cox
lastmodified 2007-12-06
organization Red Hat
statement Red Hat does not consider this to be a security issue. Versions of rsync as shipped with Red Hat Enterprise Linux 2.1, 3, 4 and 5 behave as expected and that behavior was well documented.
Last major update 06-01-2017 - 21:59
Published 01-12-2007 - 01:46
Last modified 15-10-2018 - 17:50
Back to Top