K15548 : Rsync sender.c vulnerability CVE-2007-4091

2015-04-2900:00:00

my.f5.com

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.186 Low

EPSS

Percentile

95.8%

JSON

Security Advisory Description

Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. (CVE-2007-4091)

Impact

There is no impact; F5 products are not affected by this vulnerability.

Note: This article previously indicated that BIG-IP, BIG-IQ, and Enterprise Manager were affected by this vulnerability. However, F5 Product Development has subsequently determined that no F5 products are affected by this vulnerability.

CPENameOperatorVersion
big-ip afmeq11.3.0
big-ip afmeq11.4.0
big-ip afmeq11.4.1
big-ip afmeq11.5.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2
big-ip afmeq11.6.0
big-ip analyticseq11.0.0
big-ip analyticseq11.1.0
big-ip analyticseq11.2.0

Name	Operator	Version
big-ip afm	eq	11.3.0
big-ip afm	eq	11.4.0
big-ip afm	eq	11.4.1
big-ip afm	eq	11.5.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2
big-ip afm	eq	11.6.0
big-ip analytics	eq	11.0.0
big-ip analytics	eq	11.1.0
big-ip analytics	eq	11.2.0