cvelistv5 - CVE-2007-6199

CVE-2007-6199 (GCVE-0-2007-6199)

Vulnerability from cvelistv5

Published

2007-12-01 01:00

Modified

2024-08-07 15:54

Severity ?

CWE

Summary

rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.

References

URL

Tags

cve@mitre.org	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
cve@mitre.org	http://rsync.samba.org/security.html#s3_0_0
cve@mitre.org	http://secunia.com/advisories/27853
cve@mitre.org	http://secunia.com/advisories/27863	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28412
cve@mitre.org	http://secunia.com/advisories/28457
cve@mitre.org	http://secunia.com/advisories/31326
cve@mitre.org	http://secunia.com/advisories/61005
cve@mitre.org	http://securitytracker.com/id?1019012
cve@mitre.org	http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html
cve@mitre.org	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257
cve@mitre.org	http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011
cve@mitre.org	http://www.securityfocus.com/archive/1/487991/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/26638	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4057
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2268
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://rsync.samba.org/security.html#s3_0_0
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27853
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27863	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28412
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28457
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31326
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/61005
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019012
af854a3a-2127-422b-91ae-364da2661108	http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/487991/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26638	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4057
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2268

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:27.071Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28412",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28412"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
          },
          {
            "name": "ADV-2007-4057",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4057"
          },
          {
            "name": "APPLE-SA-2008-07-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
          },
          {
            "name": "ADV-2008-2268",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2268"
          },
          {
            "name": "27853",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27853"
          },
          {
            "name": "20080212 FLEA-2008-0004-1 rsync",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
          },
          {
            "name": "27863",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27863"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rsync.samba.org/security.html#s3_0_0"
          },
          {
            "name": "61005",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61005"
          },
          {
            "name": "28457",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28457"
          },
          {
            "name": "MDVSA-2008:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
          },
          {
            "name": "31326",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31326"
          },
          {
            "name": "26638",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26638"
          },
          {
            "name": "1019012",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019012"
          },
          {
            "name": "SUSE-SR:2008:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28412",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28412"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
        },
        {
          "name": "ADV-2007-4057",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4057"
        },
        {
          "name": "APPLE-SA-2008-07-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
        },
        {
          "name": "ADV-2008-2268",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2268"
        },
        {
          "name": "27853",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27853"
        },
        {
          "name": "20080212 FLEA-2008-0004-1 rsync",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
        },
        {
          "name": "27863",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27863"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rsync.samba.org/security.html#s3_0_0"
        },
        {
          "name": "61005",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61005"
        },
        {
          "name": "28457",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28457"
        },
        {
          "name": "MDVSA-2008:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
        },
        {
          "name": "31326",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31326"
        },
        {
          "name": "26638",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26638"
        },
        {
          "name": "1019012",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019012"
        },
        {
          "name": "SUSE-SR:2008:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6199",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28412",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28412"
            },
            {
              "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html",
              "refsource": "CONFIRM",
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
            },
            {
              "name": "ADV-2007-4057",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4057"
            },
            {
              "name": "APPLE-SA-2008-07-31",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
            },
            {
              "name": "ADV-2008-2268",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2268"
            },
            {
              "name": "27853",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27853"
            },
            {
              "name": "20080212 FLEA-2008-0004-1 rsync",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
            },
            {
              "name": "27863",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27863"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
            },
            {
              "name": "http://rsync.samba.org/security.html#s3_0_0",
              "refsource": "CONFIRM",
              "url": "http://rsync.samba.org/security.html#s3_0_0"
            },
            {
              "name": "61005",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61005"
            },
            {
              "name": "28457",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28457"
            },
            {
              "name": "MDVSA-2008:011",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
            },
            {
              "name": "31326",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31326"
            },
            {
              "name": "26638",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26638"
            },
            {
              "name": "1019012",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019012"
            },
            {
              "name": "SUSE-SR:2008:001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6199",
    "datePublished": "2007-12-01T01:00:00",
    "dateReserved": "2007-11-30T00:00:00",
    "dateUpdated": "2024-08-07T15:54:27.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-6199\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-12-01T06:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy.\"},{\"lang\":\"es\",\"value\":\"rsync, en versiones anteriores a la 3.0.0pre6. Cuando se ejecuta un demonio rsync en modo lectura-escritura que no use chroot, se permite as\u00ed que atacantes remotos  accedan a ficheros de acceso restringido, usando vectores desconocidos que provocan que rsync cree un enlace simb\u00f3lico que apunta fuera de la jerarqu\u00eda de ficheros del m\u00f3dulo.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-16\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57F41B40-75E6-45C8-A5FB-8464C0B2D064\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"300A6A65-05FD-401C-80F6-B5F5B1F056E0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA3D53C9-3806-45E6-8AE9-7D41280EF64C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D29C5A03-A7C9-4780-BB63-CF1E874D018D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B85EF0EE-3E61-4CA3-9F00-610AB2E1CFCF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70440F49-AEE9-41BE-8E1A-43AB657C8E09\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74022B69-6557-4746-9080-24E4DDA44026\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2081CB54-130C-4A25-A2EE-42249DD6B3EB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"393F7E04-2288-45FE-8971-CC1BA036CA95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60BF457A-B318-475D-950A-9D873C0C667C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CB9C4CB-09D9-4258-846D-D43C0E8E0CEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52CA63EE-0911-44AE-9901-FE46FB659D06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF678D2B-CD03-4A19-90B4-36448E55943E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E454C988-08A3-4269-AC6A-2A975D288C56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12BB68EF-28DF-4326-84A3-C215005FD3D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41DC890B-3D3D-41DB-8380-5C290B708350\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C0E3499-E90D-40C6-B85A-6CC2312532C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C23042EA-1243-4786-8F76-CDB94E5B909B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31F7C3A4-88F3-454F-9046-CA169FF12106\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63756B36-3D03-4C2E-A1B6-AC45B045F94F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDF2B595-4AF1-471E-ADFD-FF8CB6F27EA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC820774-2B62-4B91-BC1A-EF6B81DD63C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4329E28A-F133-414B-98E5-F117C1B73711\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE1E7733-4A97-4817-8192-BDAA539AD2F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEB2A38C-5971-4C38-A2A8-7B8FD44C3816\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCD479A6-7E13-41FB-B6D9-4CBA1459083B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D08AA818-CEF0-4EA8-BF6B-90A4F512E88C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AE611E6-4959-4011-A57A-6774F28D58D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DEEFC01-69A5-4760-8052-FB8BA4B125F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A19ACD7B-B36E-42D7-B311-69CD4EF047F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AA7F4E9-1ED4-4D2F-A0A2-F8D861AD108C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D9A038C-C0B8-416D-B103-5E66963065EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C1BB055-0489-42F7-9FC7-99EDDA7026DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"336FF990-61EE-4F6B-B4BC-D268DADD3D7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"408FDC67-6862-4482-9DC4-E18AFFC3F7C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65282BE4-26FA-4E16-B1B1-1A4D82E7C6C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84537850-6D26-47D3-9888-810B8305BD3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AD67864-2BED-42AD-985E-34058C07FEBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"382AFB02-339D-45BB-A60D-7C751F943762\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32A205AF-8E75-4AD8-BE0F-EC6A9296D127\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rsync.samba.org/security.html#s3_0_0\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27853\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27863\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28412\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28457\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31326\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/61005\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1019012\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/487991/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26638\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/4057\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2268\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rsync.samba.org/security.html#s3_0_0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27853\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27863\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28412\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31326\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/61005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1019012\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/487991/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26638\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/4057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2268\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Red Hat does not consider this to be a security issue. Versions of rsync as shipped with Red Hat Enterprise Linux 2.1, 3, 4 and 5 behave as expected and that behavior was well documented.\",\"lastModified\":\"2007-12-06T00:00:00\"}]}}"
  }
}

CERTA-2008-AVI-388

Vulnerability from certfr_avis

Plusieurs vulnérabilités permettant entre autres l'exécution de code arbitraire à distance, et concernant le système d'exploitaiton Mac OS X, ont été corrigées.

Description

Plusieurs vulnérabilités concernant Mac OS X ont été corrigées :

Open Scripting Architecture : une mauvaise gestion des droits des plugins permet à un utilisateur malveillant local d'élever ses privilèges.
BIND : une mauvaise gestion de l'aléa et un vulnérabilité protocolaire permettent de corrompre le cache du DNS.
CarbonCore : une vulnérabilité dans les gestion des noms longs de fichier permet l'exécution de code arbitraire.
CoreGraphics : une corruption de mémoire permet l'exécution de code arbitraire, par exemple à l'aide d'un site Web spécifiquement réalisé.
CoreGraphics : un dépassement d'entier lors de la gestion de fichiers au format PDF permet l'exécution de code arbitraire.
Data Detectors Engine : la visualisation d'un message spécifiquement créé permet de provoquer un déni de service de l'application.
Disk Utility : après l'utilisation de l'outil Repair Permissions il est possible d'exécuter des commandes avec les droits sytème à l'aide d'emacs.
OpenLDAP : un message spécifiquement réalisé permet de provoquer un déni de service de l'application.
OpenSSL : une vulnérabilité dans la fonction SSL_get_shared_ciphers() permet de provoquer un déni de service de l'application.
PHP : plusieurs vulnérabilités, dont certaines permettant l'exécution de code arbitraire, ont été corrigées.
QuickLook : un document au format Microsoft Office spécifiquement réalisé permet l'exécution de code arbitraire.
rsync : l'utilisation de liens symboliques permet de modifier des fichiers hors du module.

Solution

Se référer au bulletin de sécurité d'Apple HT2647 du 1 août 2008 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X 10.4.11 ;
N/A	N/A	Mac OS X Server 10.4 ;
N/A	N/A	Mac OS X 10.5.4.
N/A	N/A	Mac OS X Server 10.5 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT2647 du 1 août 2008	None	vendor-advisory
Bulletin de sécurité Apple HT2647 du 01 août 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.4.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.5.4.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s concernant Mac OS X ont \u00e9t\u00e9 corrig\u00e9es :\n\n-   Open Scripting Architecture : une mauvaise gestion des droits des\n    plugins permet \u00e0 un utilisateur malveillant local d\u0027\u00e9lever ses\n    privil\u00e8ges.\n-   BIND : une mauvaise gestion de l\u0027al\u00e9a et un vuln\u00e9rabilit\u00e9\n    protocolaire permettent de corrompre le cache du DNS.\n-   CarbonCore : une vuln\u00e9rabilit\u00e9 dans les gestion des noms longs de\n    fichier permet l\u0027ex\u00e9cution de code arbitraire.\n-   CoreGraphics : une corruption de m\u00e9moire permet l\u0027ex\u00e9cution de code\n    arbitraire, par exemple \u00e0 l\u0027aide d\u0027un site Web sp\u00e9cifiquement\n    r\u00e9alis\u00e9.\n-   CoreGraphics : un d\u00e9passement d\u0027entier lors de la gestion de\n    fichiers au format PDF permet l\u0027ex\u00e9cution de code arbitraire.\n-   Data Detectors Engine : la visualisation d\u0027un message sp\u00e9cifiquement\n    cr\u00e9\u00e9 permet de provoquer un d\u00e9ni de service de l\u0027application.\n-   Disk Utility : apr\u00e8s l\u0027utilisation de l\u0027outil Repair Permissions il\n    est possible d\u0027ex\u00e9cuter des commandes avec les droits syt\u00e8me \u00e0\n    l\u0027aide d\u0027emacs.\n-   OpenLDAP : un message sp\u00e9cifiquement r\u00e9alis\u00e9 permet de provoquer un\n    d\u00e9ni de service de l\u0027application.\n-   OpenSSL : une vuln\u00e9rabilit\u00e9 dans la fonction\n    SSL_get_shared_ciphers() permet de provoquer un d\u00e9ni de service de\n    l\u0027application.\n-   PHP : plusieurs vuln\u00e9rabilit\u00e9s, dont certaines permettant\n    l\u0027ex\u00e9cution de code arbitraire, ont \u00e9t\u00e9 corrig\u00e9es.\n-   QuickLook : un document au format Microsoft Office sp\u00e9cifiquement\n    r\u00e9alis\u00e9 permet l\u0027ex\u00e9cution de code arbitraire.\n-   rsync : l\u0027utilisation de liens symboliques permet de modifier des\n    fichiers hors du module.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 d\u0027Apple HT2647 du 1 ao\u00fbt 2008 pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2324"
    },
    {
      "name": "CVE-2007-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5135"
    },
    {
      "name": "CVE-2007-6200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6200"
    },
    {
      "name": "CVE-2008-2051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2051"
    },
    {
      "name": "CVE-2008-2322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2322"
    },
    {
      "name": "CVE-2008-0674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0674"
    },
    {
      "name": "CVE-2008-2325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2325"
    },
    {
      "name": "CVE-2007-6199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6199"
    },
    {
      "name": "CVE-2008-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2320"
    },
    {
      "name": "CVE-2008-0599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0599"
    },
    {
      "name": "CVE-2008-1447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1447"
    },
    {
      "name": "CVE-2007-4850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4850"
    },
    {
      "name": "CVE-2008-2323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2323"
    },
    {
      "name": "CVE-2008-2050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2050"
    },
    {
      "name": "CVE-2008-2321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2321"
    },
    {
      "name": "CVE-2008-2952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2952"
    }
  ],
  "initial_release_date": "2008-08-01T00:00:00",
  "last_revision_date": "2008-08-01T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT2647 du 01 ao\u00fbt 2008 :",
      "url": "http://support.apple.com/kb/HT2647"
    }
  ],
  "reference": "CERTA-2008-AVI-388",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-08-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant entre autres l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance, et concernant le syst\u00e8me d\u0027exploitaiton Mac OS X,\nont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT2647 du 1 ao\u00fbt 2008",
      "url": null
    }
  ]
}

CERTA-2007-AVI-521

Vulnerability from certfr_avis

Plusieurs vulnérabilités présentes dans rsync permettent à un utilisateur distant de contourner la politique de sécurité d'un serveur rsync.

Description

Deux vulnérabilités sont présentes dans rsync. Toutes deux permettent de contourner la politique de sécurité mise en place dans le serveur rsync par le biais de liens symboliques positionnés de façon particulière.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

rsync versions 2.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité rsync du 03 décembre 2007	None	vendor-advisory
Site de rsync :	-	other
Bulletin de sécurité rsync :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003ersync versions 2.x.\u003c/p\u003e",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans rsync. Toutes deux permettent de\ncontourner la politique de s\u00e9curit\u00e9 mise en place dans le serveur rsync\npar le biais de liens symboliques positionn\u00e9s de fa\u00e7on particuli\u00e8re.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-6200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6200"
    },
    {
      "name": "CVE-2007-6199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6199"
    }
  ],
  "initial_release_date": "2007-12-05T00:00:00",
  "last_revision_date": "2007-12-05T00:00:00",
  "links": [
    {
      "title": "Site de rsync :",
      "url": "http://rsync.samba.org"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 rsync :",
      "url": "http://rsync.samba.org/security.html"
    }
  ],
  "reference": "CERTA-2007-AVI-521",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-12-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans rsync permettent \u00e0 un\nutilisateur distant de contourner la politique de s\u00e9curit\u00e9 d\u0027un serveur\nrsync.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans rsync",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 rsync du 03 d\u00e9cembre 2007",
      "url": null
    }
  ]
}

gsd-2007-6199

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-6199

Aliases

CVE-2007-6199

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-6199",
    "description": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy.",
    "id": "GSD-2007-6199",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-6199.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-6199"
      ],
      "details": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy.",
      "id": "GSD-2007-6199",
      "modified": "2023-12-13T01:21:38.348504Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-6199",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "28412",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28412"
          },
          {
            "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html",
            "refsource": "CONFIRM",
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
          },
          {
            "name": "ADV-2007-4057",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/4057"
          },
          {
            "name": "APPLE-SA-2008-07-31",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
          },
          {
            "name": "ADV-2008-2268",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2268"
          },
          {
            "name": "27853",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27853"
          },
          {
            "name": "20080212 FLEA-2008-0004-1 rsync",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
          },
          {
            "name": "27863",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27863"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
          },
          {
            "name": "http://rsync.samba.org/security.html#s3_0_0",
            "refsource": "CONFIRM",
            "url": "http://rsync.samba.org/security.html#s3_0_0"
          },
          {
            "name": "61005",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/61005"
          },
          {
            "name": "28457",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28457"
          },
          {
            "name": "MDVSA-2008:011",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
          },
          {
            "name": "31326",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31326"
          },
          {
            "name": "26638",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26638"
          },
          {
            "name": "1019012",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1019012"
          },
          {
            "name": "SUSE-SR:2008:001",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6199"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-16"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://rsync.samba.org/security.html#s3_0_0",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://rsync.samba.org/security.html#s3_0_0"
            },
            {
              "name": "26638",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/26638"
            },
            {
              "name": "1019012",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1019012"
            },
            {
              "name": "27863",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27863"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
            },
            {
              "name": "27853",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27853"
            },
            {
              "name": "MDVSA-2008:011",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
            },
            {
              "name": "SUSE-SR:2008:001",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
            },
            {
              "name": "28412",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28412"
            },
            {
              "name": "28457",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28457"
            },
            {
              "name": "APPLE-SA-2008-07-31",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
            },
            {
              "name": "31326",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31326"
            },
            {
              "name": "ADV-2007-4057",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/4057"
            },
            {
              "name": "ADV-2008-2268",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2268"
            },
            {
              "name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
            },
            {
              "name": "61005",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/61005"
            },
            {
              "name": "20080212 FLEA-2008-0004-1 rsync",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:50Z",
      "publishedDate": "2007-12-01T06:46Z"
    }
  }
}

ghsa-r5c5-5849-8rr9

Vulnerability from github

Published

2022-05-01 18:40

Modified

2022-05-01 18:40

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-6199"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-12-01T06:46:00Z",
    "severity": "HIGH"
  },
  "details": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy.",
  "id": "GHSA-r5c5-5849-8rr9",
  "modified": "2022-05-01T18:40:27Z",
  "published": "2022-05-01T18:40:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6199"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://rsync.samba.org/security.html#s3_0_0"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27853"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27863"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28457"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61005"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1019012"
    },
    {
      "type": "WEB",
      "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26638"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/4057"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2007-6199

Vulnerability from fkie_nvd

Published

2007-12-01 06:46

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
cve@mitre.org	http://rsync.samba.org/security.html#s3_0_0
cve@mitre.org	http://secunia.com/advisories/27853
cve@mitre.org	http://secunia.com/advisories/27863	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28412
cve@mitre.org	http://secunia.com/advisories/28457
cve@mitre.org	http://secunia.com/advisories/31326
cve@mitre.org	http://secunia.com/advisories/61005
cve@mitre.org	http://securitytracker.com/id?1019012
cve@mitre.org	http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html
cve@mitre.org	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257
cve@mitre.org	http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011
cve@mitre.org	http://www.securityfocus.com/archive/1/487991/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/26638	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4057
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2268
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://rsync.samba.org/security.html#s3_0_0
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27853
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27863	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28412
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28457
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31326
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/61005
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019012
af854a3a-2127-422b-91ae-364da2661108	http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/487991/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26638	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4057
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2268

Impacted products

Vendor	Product	Version
slackware	slackware_linux	8.1
slackware	slackware_linux	9.0
slackware	slackware_linux	9.1
slackware	slackware_linux	10.0
slackware	slackware_linux	10.1
slackware	slackware_linux	10.2
slackware	slackware_linux	11.0
slackware	slackware_linux	12.0
rsync	rsync	2.3.1
rsync	rsync	2.3.2
rsync	rsync	2.3.2_1.2alpha
rsync	rsync	2.3.2_1.2arm
rsync	rsync	2.3.2_1.2intel
rsync	rsync	2.3.2_1.2m68k
rsync	rsync	2.3.2_1.2ppc
rsync	rsync	2.3.2_1.2sparc
rsync	rsync	2.3.2_1.3
rsync	rsync	2.4.0
rsync	rsync	2.4.1
rsync	rsync	2.4.3
rsync	rsync	2.4.4
rsync	rsync	2.4.5
rsync	rsync	2.4.6
rsync	rsync	2.4.8
rsync	rsync	2.5.0
rsync	rsync	2.5.1
rsync	rsync	2.5.2
rsync	rsync	2.5.3
rsync	rsync	2.5.4
rsync	rsync	2.5.5
rsync	rsync	2.5.6
rsync	rsync	2.5.7
rsync	rsync	2.6
rsync	rsync	2.6.1
rsync	rsync	2.6.2
rsync	rsync	2.6.5
rsync	rsync	2.6.6
rsync	rsync	2.6.7
rsync	rsync	2.6.8
rsync	rsync	2.6.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F41B40-75E6-45C8-A5FB-8464C0B2D064",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "300A6A65-05FD-401C-80F6-B5F5B1F056E0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B85EF0EE-3E61-4CA3-9F00-610AB2E1CFCF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "70440F49-AEE9-41BE-8E1A-43AB657C8E09",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74022B69-6557-4746-9080-24E4DDA44026",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2081CB54-130C-4A25-A2EE-42249DD6B3EB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "393F7E04-2288-45FE-8971-CC1BA036CA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60BF457A-B318-475D-950A-9D873C0C667C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CB9C4CB-09D9-4258-846D-D43C0E8E0CEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*",
              "matchCriteriaId": "52CA63EE-0911-44AE-9901-FE46FB659D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF678D2B-CD03-4A19-90B4-36448E55943E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*",
              "matchCriteriaId": "E454C988-08A3-4269-AC6A-2A975D288C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*",
              "matchCriteriaId": "12BB68EF-28DF-4326-84A3-C215005FD3D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*",
              "matchCriteriaId": "41DC890B-3D3D-41DB-8380-5C290B708350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C0E3499-E90D-40C6-B85A-6CC2312532C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C23042EA-1243-4786-8F76-CDB94E5B909B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F7C3A4-88F3-454F-9046-CA169FF12106",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "63756B36-3D03-4C2E-A1B6-AC45B045F94F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDF2B595-4AF1-471E-ADFD-FF8CB6F27EA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC820774-2B62-4B91-BC1A-EF6B81DD63C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4329E28A-F133-414B-98E5-F117C1B73711",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE1E7733-4A97-4817-8192-BDAA539AD2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEB2A38C-5971-4C38-A2A8-7B8FD44C3816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCD479A6-7E13-41FB-B6D9-4CBA1459083B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08AA818-CEF0-4EA8-BF6B-90A4F512E88C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE611E6-4959-4011-A57A-6774F28D58D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DEEFC01-69A5-4760-8052-FB8BA4B125F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A19ACD7B-B36E-42D7-B311-69CD4EF047F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AA7F4E9-1ED4-4D2F-A0A2-F8D861AD108C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9A038C-C0B8-416D-B103-5E66963065EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C1BB055-0489-42F7-9FC7-99EDDA7026DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "336FF990-61EE-4F6B-B4BC-D268DADD3D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "408FDC67-6862-4482-9DC4-E18AFFC3F7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "65282BE4-26FA-4E16-B1B1-1A4D82E7C6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "84537850-6D26-47D3-9888-810B8305BD3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD67864-2BED-42AD-985E-34058C07FEBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "382AFB02-339D-45BB-A60D-7C751F943762",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A205AF-8E75-4AD8-BE0F-EC6A9296D127",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
    },
    {
      "lang": "es",
      "value": "rsync, en versiones anteriores a la 3.0.0pre6. Cuando se ejecuta un demonio rsync en modo lectura-escritura que no use chroot, se permite as\u00ed que atacantes remotos  accedan a ficheros de acceso restringido, usando vectores desconocidos que provocan que rsync cree un enlace simb\u00f3lico que apunta fuera de la jerarqu\u00eda de ficheros del m\u00f3dulo."
    }
  ],
  "id": "CVE-2007-6199",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-12-01T06:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rsync.samba.org/security.html#s3_0_0"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27853"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27863"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28457"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/61005"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1019012"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26638"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4057"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rsync.samba.org/security.html#s3_0_0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27863"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1019012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26638"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat does not consider this to be a security issue. Versions of rsync as shipped with Red Hat Enterprise Linux 2.1, 3, 4 and 5 behave as expected and that behavior was well documented.",
      "lastModified": "2007-12-06T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

opensuse-su-2024:11308-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

rsync-3.2.3-2.6 on GA media

Notes

Title of the patch

rsync-3.2.3-2.6 on GA media

Description of the patch

These are all security issues fixed in the rsync-3.2.3-2.6 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-11308

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "rsync-3.2.3-2.6 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the rsync-3.2.3-2.6 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11308",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11308-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2007-4091 page",
        "url": "https://www.suse.com/security/cve/CVE-2007-4091/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2007-6199 page",
        "url": "https://www.suse.com/security/cve/CVE-2007-6199/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-16548 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-16548/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5764 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5764/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-14387 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-14387/"
      }
    ],
    "title": "rsync-3.2.3-2.6 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11308-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-3.2.3-2.6.aarch64",
                "product": {
                  "name": "rsync-3.2.3-2.6.aarch64",
                  "product_id": "rsync-3.2.3-2.6.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-3.2.3-2.6.ppc64le",
                "product": {
                  "name": "rsync-3.2.3-2.6.ppc64le",
                  "product_id": "rsync-3.2.3-2.6.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-3.2.3-2.6.s390x",
                "product": {
                  "name": "rsync-3.2.3-2.6.s390x",
                  "product_id": "rsync-3.2.3-2.6.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-3.2.3-2.6.x86_64",
                "product": {
                  "name": "rsync-3.2.3-2.6.x86_64",
                  "product_id": "rsync-3.2.3-2.6.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-3.2.3-2.6.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64"
        },
        "product_reference": "rsync-3.2.3-2.6.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-3.2.3-2.6.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le"
        },
        "product_reference": "rsync-3.2.3-2.6.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-3.2.3-2.6.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x"
        },
        "product_reference": "rsync-3.2.3-2.6.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-3.2.3-2.6.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
        },
        "product_reference": "rsync-3.2.3-2.6.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-4091",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2007-4091"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2007-4091",
          "url": "https://www.suse.com/security/cve/CVE-2007-4091"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 279866 for CVE-2007-4091",
          "url": "https://bugzilla.suse.com/279866"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 294073 for CVE-2007-4091",
          "url": "https://bugzilla.suse.com/294073"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2007-4091"
    },
    {
      "cve": "CVE-2007-6199",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2007-6199"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2007-6199",
          "url": "https://www.suse.com/security/cve/CVE-2007-6199"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 345507 for CVE-2007-6199",
          "url": "https://bugzilla.suse.com/345507"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2007-6199"
    },
    {
      "cve": "CVE-2017-16548",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-16548"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing \u0027\\0\u0027 character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-16548",
          "url": "https://www.suse.com/security/cve/CVE-2017-16548"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1066644 for CVE-2017-16548",
          "url": "https://bugzilla.suse.com/1066644"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2017-16548"
    },
    {
      "cve": "CVE-2018-5764",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5764"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5764",
          "url": "https://www.suse.com/security/cve/CVE-2018-5764"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1076503 for CVE-2018-5764",
          "url": "https://bugzilla.suse.com/1076503"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-5764"
    },
    {
      "cve": "CVE-2020-14387",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-14387"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
          "openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-14387",
          "url": "https://www.suse.com/security/cve/CVE-2020-14387"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1176160 for CVE-2020-14387",
          "url": "https://bugzilla.suse.com/1176160"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.aarch64",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.ppc64le",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.s390x",
            "openSUSE Tumbleweed:rsync-3.2.3-2.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-14387"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-6199 (GCVE-0-2007-6199)

Vulnerability from cvelistv5

CERTA-2008-AVI-388

Vulnerability from certfr_avis

Description

Solution

CERTA-2007-AVI-521

Vulnerability from certfr_avis

Description

Solution

gsd-2007-6199

Vulnerability from gsd

ghsa-r5c5-5849-8rr9

Vulnerability from github

fkie_cve-2007-6199

Vulnerability from fkie_nvd

opensuse-su-2024:11308-1

Vulnerability from csaf_opensuse

Tags

Sightings

Nomenclature