SOL15549 - Rsync vulnerability CVE-2007-6199

2014-09-0400:00:00

support.f5.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.021 Low

EPSS

Percentile

88.0%

JSON

rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module’s hierarchy. (CVE-2007-6199)

CPENameOperatorVersion
big-ip apmle11.6.0
big-ip gtmle11.6.0
big-ip analyticsle11.6.0
big-ip edge gatewayle11.3.0
big-ip ltmle11.6.0
big-ip link controllerle11.6.0
big-ip pemle11.6.0
big-ip webacceleratorle11.3.0
big-ip womle11.3.0
big-ip psmle11.4.1

Name	Operator	Version
big-ip apm	le	11.6.0
big-ip gtm	le	11.6.0
big-ip analytics	le	11.6.0
big-ip edge gateway	le	11.3.0
big-ip ltm	le	11.6.0
big-ip link controller	le	11.6.0
big-ip pem	le	11.6.0
big-ip webaccelerator	le	11.3.0
big-ip wom	le	11.3.0
big-ip psm	le	11.4.1