Debian Security Advisory DSA 499-2 (rsync): fix for a vulnerability that allows a remote user to write files outside the intended directory tree
Reporter | Title | Published | Views | Family All 35 |
---|---|---|---|---|
![]() | FreeBSD Ports: rsync | 4 Sep 2008 00:00 | – | openvas |
![]() | Debian Security Advisory DSA 499-1 (rsync) | 17 Jan 2008 00:00 | – | openvas |
![]() | Debian Security Advisory DSA 499-2 (rsync) | 17 Jan 2008 00:00 | – | openvas |
![]() | Debian Security Advisory DSA 499-1 (rsync) | 17 Jan 2008 00:00 | – | openvas |
![]() | Slackware: Security Advisory (SSA:2004-124-01) | 10 Sep 2012 00:00 | – | openvas |
![]() | Slackware Advisory SSA:2004-124-01 rsync update | 11 Sep 2012 00:00 | – | openvas |
![]() | Gentoo Security Advisory GLSA 200407-10 (rsync) | 24 Sep 2008 00:00 | – | openvas |
![]() | Gentoo Security Advisory GLSA 200407-10 (rsync) | 24 Sep 2008 00:00 | – | openvas |
![]() | FreeBSD Ports: rsync | 4 Sep 2008 00:00 | – | openvas |
![]() | Debian DSA-499-2 : rsync - directory traversal | 29 Sep 2004 00:00 | – | nessus |
Source | Link |
---|---|
securityfocus | www.securityfocus.com/bid/10247 |
secure1 | www.secure1.securityspace.com/smysecure/catid.html |
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
# Metadata section. Everything inside this branch only registers information
# about the check (identity, scoring, prerequisites, report texts) and then
# leaves via exit(0); the package comparison itself is outside this branch.
if(description)
{
  # --- Identity and revision of this check ---
  script_oid("1.3.6.1.4.1.25623.1.0.53203");
  script_version("2023-07-19T05:05:15+0000");
  script_name("Debian Security Advisory DSA 499-2 (rsync)");
  script_family("Debian Local Security Checks");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 E-Soft Inc.");
  script_tag(name:"creation_date", value:"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)");
  script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");

  # --- Vulnerability reference and scoring ---
  # The CVSS v2 vector below reads: network reachable, low complexity, no
  # authentication, partial integrity impact, no confidentiality or
  # availability impact. That matches the "write files outside the intended
  # directory tree" description in the insight text.
  script_cve_id("CVE-2004-0426");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20499-2");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/10247");

  # --- Prerequisites ---
  # The check depends on gather-package-list.nasl and on the ssh/login/* keys
  # listed here, restricted by regex to release DEB3.0. The key names indicate
  # an authenticated package inventory; without those keys the check is
  # presumably skipped, which is not the same as "host is patched".
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB3\.0");

  # Detection quality is declared as "package": the verdict comes from the
  # installed package version, not from probing a running rsync daemon.
  script_tag(name:"qod_type", value:"package");

  # --- Texts shown in the report ---
  script_tag(name:"summary", value:"The remote host is missing an update to rsync
announced via advisory DSA 499-2.");
  script_tag(name:"insight", value:"A vulnerability was discovered in rsync, a file transfer program,
whereby a remote user could cause an rsync daemon to write files
outside of the intended directory tree. This vulnerability is not
exploitable when the daemon is configured with the 'chroot' option.
This update includes an additional fix related to the original
vulnerability.
For the current stable distribution (woody) this problem has been
fixed in version 2.5.5-0.5.
For the unstable distribution (sid), this problem has been fixed in
version 2.6.1-1.
We recommend that you update your rsync package.");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
# Detection: compare the installed rsync package on Debian 3.0 (DEB3.0)
# against 2.5.5-0.5, the version the advisory names as fixed for woody.
#
# isdpkgvuln() and __pkg_match come from pkg-lib-deb.inc, which is not shown
# here. Presumably isdpkgvuln() returns report text when the installed version
# is older than `ver` and NULL otherwise, and __pkg_match records that the
# package was found at all. Confirm both against the include.
#
# NOTE(review): this is a version comparison only. It does not look at whether
# an rsync daemon is running or how it is configured, and the advisory states
# the flaw is not exploitable when the daemon uses the 'chroot' option. Treat
# a finding as "package is outdated" and check daemon exposure separately
# when prioritising.
report = "";

res = isdpkgvuln(pkg:"rsync", ver:"2.5.5-0.5", rls:"DEB3.0");
if(res != NULL) {
  report += res;
}

if(report == "") {
  # No finding. The distinct exit code 99 is used only when the package was
  # matched (presumably "installed and not affected"; verify the scanner's
  # exit-code convention). Otherwise the script simply ends.
  if(__pkg_match) {
    exit(99);
  }
} else {
  security_message(data:report);
}