Debian Security Advisory DSA 499-2 (rsync)

2008-01-1700:00:00

plugins.openvas.org

6.6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.035 Low

EPSS

Percentile

91.5%

JSON

The remote host is missing an update to rsync
announced via advisory DSA 499-2.

# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.53203");
  script_version("2023-07-19T05:05:15+0000");
  script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
  script_tag(name:"creation_date", value:"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)");
  script_cve_id("CVE-2004-0426");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_name("Debian Security Advisory DSA 499-2 (rsync)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 E-Soft Inc.");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB3\.0");
  script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20499-2");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/10247");
  script_tag(name:"insight", value:"A vulnerability was discovered in rsync, a file transfer program,
whereby a remote user could cause an rsync daemon to write files
outside of the intended directory tree.  This vulnerability is not
exploitable when the daemon is configured with the 'chroot' option.

This update includes an additional fix related to the original
vulnerability.

For the current stable distribution (woody) this problem has been
fixed in version 2.5.5-0.5.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.1-1.

We recommend that you update your rsync package.");
  script_tag(name:"summary", value:"The remote host is missing an update to rsync
announced via advisory DSA 499-2.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

res = "";
report = "";
if((res = isdpkgvuln(pkg:"rsync", ver:"2.5.5-0.5", rls:"DEB3.0")) != NULL) {
  report += res;
}

if(report != "") {
  security_message(data:report);
} else if(__pkg_match) {
  exit(99);
}