Lucene search
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2004-436.NASLHistorySep 01, 2004 - 12:00 a.m.
RHEL 2.1 / 3 : rsync (RHSA-2004:436)
2004-09-0100:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
6.4 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.006 Low
EPSS
Percentile
77.9%
An updated rsync package that fixes a path sanitizing bug is now available.
The rsync program synchronizes files over a network.
Versions of rsync up to and including version 2.6.2 contain a path sanitization issue. This issue could allow an attacker to read or write files outside of the rsync directory. This vulnerability is only exploitable when an rsync server is enabled and is not running within a chroot. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0792 to this issue.
Users of rsync are advised to upgrade to this updated package, which contains a backported patch and is not affected by this issue.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2004:436. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(14623);
script_version("1.29");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2004-0792");
script_xref(name:"RHSA", value:"2004:436");
script_name(english:"RHEL 2.1 / 3 : rsync (RHSA-2004:436)");
script_summary(english:"Checks the rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"An updated rsync package that fixes a path sanitizing bug is now
available.
The rsync program synchronizes files over a network.
Versions of rsync up to and including version 2.6.2 contain a path
sanitization issue. This issue could allow an attacker to read or
write files outside of the rsync directory. This vulnerability is only
exploitable when an rsync server is enabled and is not running within
a chroot. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0792 to this issue.
Users of rsync are advised to upgrade to this updated package, which
contains a backported patch and is not affected by this issue."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2004-0792"
);
script_set_attribute(
attribute:"see_also",
value:"http://rsync.samba.org/#security_aug04"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2004:436"
);
script_set_attribute(attribute:"solution", value:"Update the affected rsync package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rsync");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/20");
script_set_attribute(attribute:"patch_publication_date", value:"2004/09/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/01");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2004:436";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"rsync-2.5.7-3.21AS.1")) flag++;
if (rpm_check(release:"RHEL3", reference:"rsync-2.5.7-5.3E")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rsync");
}
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | rsync | p-cpe:/a:redhat:enterprise_linux:rsync |
| redhat | enterprise_linux | 2.1 | cpe:/o:redhat:enterprise_linux:2.1 |
| redhat | enterprise_linux | 3 | cpe:/o:redhat:enterprise_linux:3 |
Related
openvas
openvas
rsync path sanitation vulnerability
2005-11-03 00:00:00
FreeBSD Ports: rsync
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200408-17 (rsync)
2008-09-24 00:00:00
freebsd
freebsd
rsync -- path sanitizing vulnerability
2004-08-12 00:00:00
ubuntucve
ubuntucve
CVE-2004-0792
2004-10-20 00:00:00
nessus
nessus
rsync sanitize_path() Function Arbitrary File Disclosure
2004-08-16 00:00:00
FreeBSD Ports : rsync < 2.6.2_2
2004-08-27 00:00:00
GLSA-200408-17 : rsync: Potential information leakage
2004-08-30 00:00:00
debiancve
debiancve
CVE-2004-0792
2004-10-20 04:00:00
cve
cve
CVE-2004-0792
2004-10-20 04:00:00
osv
osv
rsync - unauthorised directory traversal and file access
2004-08-17 00:00:00
gentoo
gentoo
rsync: Potential information leakage
2004-08-17 00:00:00
nvd
nvd
CVE-2004-0792
2004-10-20 04:00:00
f5
f5
SOL5165 - rsync directory traversal vulnerability - CAN-2004-0792
2007-05-16 00:00:00
K5165 : rsync directory traversal vulnerability CAN-2004-0792
2013-03-28 00:00:00
redhat
redhat
(RHSA-2004:436) rsync security update
2004-09-01 00:00:00
suse
suse
remote system compromise in rsync
2004-08-16 14:49:13
cvelist
cvelist
CVE-2004-0792
2004-08-18 04:00:00
6.4 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.006 Low
EPSS
Percentile
77.9%
Related for REDHAT-RHSA-2004-436.NASL