CVE-2007-4091 - Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute ar

CVE-2007-4091

Summary

Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.

References

Vulnerable Configurations

cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 15-10-2018 - 21:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	25336
bugtraq	20070823 FLEA-2007-0047-1 rsync
confirm	http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908 http://c-skills.blogspot.com/2007/08/cve-2007-4091.html http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html https://issues.rpath.com/browse/RPL-1647
debian	DSA-1360
gentoo	GLSA-200709-13
secunia	26493 26518 26537 26543 26548 26634 26822 26911 27896 61039
slackware	SSA:2007-335-01
suse	SUSE-SR:2007:017
trustix	2007-0026
ubuntu	USN-500-1
vupen	ADV-2007-2915
xf	rsync-fname-bo(36072)

statements via4

contributor	Mark J Cox
lastmodified	2007-08-22
organization	Red Hat
statement	Not vulnerable. This flaw did not affect Red Hat Enterprise Linux 2.1, 3, or 4 due to the version of rsync. This flaw does exist in Red Hat Enterprise Linux 5, but due to the nature of the flaw it is not exploitable with any security consequence due to stack-protector.

Last major update

15-10-2018 - 21:33

Published

16-08-2007 - 00:17

Last modified

15-10-2018 - 21:33