ID OPENVAS:53905 Type openvas Reporter Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing an update as announced
via advisory SSA:2004-285-01.
# OpenVAS Vulnerability Test
# $Id: esoft_slk_ssa_2004_285_01.nasl 6598 2017-07-07 09:36:44Z cfischer $
# Description: Auto-generated from the corresponding slackware advisory
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
# Report texts attached to the result.
# tag_insight is the advisory excerpt: the fix matters for hosts that run rsync
# as a server without chroot. That is a runtime condition, not something a
# package-version comparison can see.
tag_insight = "New rsync 2.6.3 packages are available for Slackware 8.1, 9.0, 9.1,
10.0, and -current to a fix security issue when rsync is run as
a non-chrooted server.";
tag_summary = "The remote host is missing an update as announced
via advisory SSA:2004-285-01.";
# NOTE(review): the "solution" is only a link to a securityspace.com lookup page
# for the advisory, not remediation text. Per the insight text above, the fix is
# the rsync 2.6.3 packages.
tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-285-01";

# Registration pass: when `description` is set, the script only declares its
# metadata and leaves through exit(0) before any check code is reached.
if(description)
{
  # Identity of the test.
  script_id(53905);
  script_version("$Revision: 6598 $");
  script_name("Slackware Advisory SSA:2004-285-01 rsync ");
  script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
  script_family("Slackware Local Security Checks");
  script_category(ACT_GATHER_INFO);

  # Vulnerability reference and scoring: network reachable, no authentication,
  # partial confidentiality and integrity impact, no availability impact.
  script_cve_id("CVE-2004-0792");
  script_tag(name:"cvss_base", value:"6.4");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:N");

  script_tag(name:"creation_date", value:"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)");
  script_tag(name:"last_modification", value:"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $");

  # The check runs only when these knowledge-base keys exist; presumably
  # gather-package-list.nasl sets them after an SSH login to a Slackware
  # host - confirm against that script.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/slackware_linux", "ssh/login/slackpack");

  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"summary", value:tag_summary);

  # "package": the result rests on the installed package version.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
#
# The script code starts here
#
include("pkg-lib-slack.inc");
# Ask the Slackware package helper, once per release, whether the installed
# rsync package is flagged against the build named for that release. All four
# calls are always made, in this order: isslkpkgvuln() lives in
# pkg-lib-slack.inc and may keep state between calls (presumably it is what
# sets __pkg_match - confirm in the include).
#
# NOTE(review): the advisory text also names Slackware -current, which has no
# entry below. A flagged package also says nothing about whether rsync runs as
# a non-chrooted server, the condition the advisory attaches to the issue, so
# a finding here means "update missing" rather than confirmed exposure.
vuln = 0;

if(isslkpkgvuln(pkg:"rsync", ver:"2.6.3-i386-1", rls:"SLK8.1"))
  vuln = 1;

if(isslkpkgvuln(pkg:"rsync", ver:"2.6.3-i386-1", rls:"SLK9.0"))
  vuln = 1;

if(isslkpkgvuln(pkg:"rsync", ver:"2.6.3-i486-1", rls:"SLK9.1"))
  vuln = 1;

if(isslkpkgvuln(pkg:"rsync", ver:"2.6.3-i486-1", rls:"SLK10.0"))
  vuln = 1;

# Three outcomes: a flagged package raises a finding, a matched but unflagged
# package exits with 99, and when neither applies the script ends without
# reporting anything.
if(!vuln) {
  if(__pkg_match)
    exit(99); # Not vulnerable.
} else {
  # The finding carries no package detail; the argument 0 is presumably the
  # port - confirm against the NASL reference.
  security_message(0);
}
{"id": "OPENVAS:53905", "type": "openvas", "bulletinFamily": "scanner", "title": "Slackware Advisory SSA:2004-285-01 rsync", "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-285-01.", "published": "2012-09-11T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53905", "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2004-0792"], "lastseen": "2017-07-24T12:50:49", "viewCount": 0, "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2017-07-24T12:50:49", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-0792"]}, {"type": "suse", "idList": ["SUSE-SA:2004:026"]}, {"type": "f5", "idList": ["F5:K5165", "SOL5165"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2004-436.NASL", "RSYNC_PATH_SANITATION_VULN.NASL", "FREEBSD_RSYNC_262_2.NASL", "MANDRAKE_MDKSA-2004-083.NASL", "DEBIAN_DSA-538.NASL", "FREEBSD_PKG_2689F4CBEC4C11D89440000347A4FA7D.NASL", "SLACKWARE_SSA_2004-285-01.NASL", "GENTOO_GLSA-200408-17.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:52411", "OPENVAS:14223", "OPENVAS:53228", "OPENVAS:136141256231053905", "OPENVAS:54647", "OPENVAS:136141256231014223"]}, {"type": "freebsd", "idList": ["2689F4CB-EC4C-11D8-9440-000347A4FA7D"]}, {"type": "gentoo", "idList": ["GLSA-200408-17"]}, {"type": "osvdb", "idList": ["OSVDB:8829"]}, {"type": "redhat", "idList": ["RHSA-2004:436"]}], "modified": "2017-07-24T12:50:49", "rev": 2}, "vulnersScore": 6.9}, "pluginID": "53905", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2004_285_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New rsync 2.6.3 packages are available for Slackware 8.1, 9.0, 9.1,\n10.0, and -current to a fix security issue when rsync is run as\na non-chrooted server.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2004-285-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-285-01\";\n \nif(description)\n{\n script_id(53905);\n script_cve_id(\"CVE-2004-0792\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2004-285-01 rsync \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"rsync\", ver:\"2.6.3-i386-1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"rsync\", ver:\"2.6.3-i386-1\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"rsync\", ver:\"2.6.3-i486-1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"rsync\", ver:\"2.6.3-i486-1\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Slackware Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:33:39", "description": "Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.", "edition": 3, "cvss3": {}, "published": "2004-10-20T04:00:00", "title": "CVE-2004-0792", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0792"], "modified": "2017-10-11T01:29:00", "cpe": ["cpe:/a:andrew_tridgell:rsync:2.6", "cpe:/a:andrew_tridgell:rsync:2.3.2_1.3", "cpe:/a:andrew_tridgell:rsync:2.5.0", "cpe:/a:andrew_tridgell:rsync:2.3.2_1.2", "cpe:/a:andrew_tridgell:rsync:2.5.2", "cpe:/a:andrew_tridgell:rsync:2.4.1", "cpe:/a:andrew_tridgell:rsync:2.6.1", "cpe:/a:andrew_tridgell:rsync:2.5.1", "cpe:/a:andrew_tridgell:rsync:2.5.3", "cpe:/a:andrew_tridgell:rsync:2.3.2", "cpe:/a:andrew_tridgell:rsync:2.4.3", "cpe:/a:andrew_tridgell:rsync:2.4.8", "cpe:/a:andrew_tridgell:rsync:2.5.4", "cpe:/a:andrew_tridgell:rsync:2.5.6", "cpe:/a:andrew_tridgell:rsync:2.6.2", "cpe:/a:andrew_tridgell:rsync:2.4.4", "cpe:/a:andrew_tridgell:rsync:2.4.0", "cpe:/a:andrew_tridgell:rsync:2.4.6", "cpe:/a:andrew_tridgell:rsync:2.4.5", "cpe:/a:andrew_tridgell:rsync:2.5.7", "cpe:/a:andrew_tridgell:rsync:2.3.1", "cpe:/a:andrew_tridgell:rsync:2.5.5"], "id": "CVE-2004-0792", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0792", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": 
["cpe:2.3:a:andrew_tridgell:rsync:2.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.3:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:alpha:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:arm:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:m68k:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:sparc:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:ppc:*:*:*:*:*", "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:intel:*:*:*:*:*"]}], "f5": [{"lastseen": "2019-05-01T00:21:09", "bulletinFamily": "software", "cvelist": ["CVE-2004-0792"], "description": "", "edition": 1, "modified": "2017-10-02T20:43:00", "published": "2007-05-17T04:00:00", "id": "F5:K5165", "href": "https://support.f5.com/csp/article/K5165", "title": "rsync directory traversal vulnerability CAN-2004-0792", "type": "f5", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": 
"2016-09-26T17:22:57", "bulletinFamily": "software", "cvelist": ["CVE-2004-0792"], "edition": 1, "description": "Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.\n\nInformation about this advisory is available at the following location:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0792>\n", "modified": "2013-03-28T00:00:00", "published": "2007-05-16T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/5000/100/sol5165.html", "id": "SOL5165", "title": "SOL5165 - rsync directory traversal vulnerability - CAN-2004-0792", "type": "f5", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:03", "bulletinFamily": "software", "cvelist": ["CVE-2004-0792"], "edition": 1, "description": "## Vulnerability Description\nrsync contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker supplies a specially crafted path which causes the sanitize_path()function to generate an absolute filename in place of a relative filename, which will disclose arbitrary file information resulting in a loss of confidentiality.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, rsync has released a patch to address this vulnerability.\n## Short Description\nrsync contains a flaw that may lead to an unauthorized information disclosure. 
The issue is triggered when an attacker supplies a specially crafted path which causes the sanitize_path()function to generate an absolute filename in place of a relative filename, which will disclose arbitrary file information resulting in a loss of confidentiality.\n## References:\nVendor URL: http://rsync.samba.org/\n[Vendor Specific Advisory URL](http://security.gentoo.org/glsa/glsa-200408-17.xml)\n[Vendor Specific Advisory URL](http://rsync.samba.org/#security_aug04)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:083)\n[Secunia Advisory ID:12313](https://secuniaresearch.flexerasoftware.com/advisories/12313/)\n[Secunia Advisory ID:12315](https://secuniaresearch.flexerasoftware.com/advisories/12315/)\n[Secunia Advisory ID:12335](https://secuniaresearch.flexerasoftware.com/advisories/12335/)\n[Secunia Advisory ID:13048](https://secuniaresearch.flexerasoftware.com/advisories/13048/)\n[Secunia Advisory ID:12310](https://secuniaresearch.flexerasoftware.com/advisories/12310/)\n[Secunia Advisory ID:12797](https://secuniaresearch.flexerasoftware.com/advisories/12797/)\n[Secunia Advisory ID:12312](https://secuniaresearch.flexerasoftware.com/advisories/12312/)\n[Secunia Advisory ID:12433](https://secuniaresearch.flexerasoftware.com/advisories/12433/)\n[Secunia Advisory ID:12294](https://secuniaresearch.flexerasoftware.com/advisories/12294/)\n[Secunia Advisory ID:12307](https://secuniaresearch.flexerasoftware.com/advisories/12307/)\nOther Advisory URL: http://www.debian.org/security/2004/dsa-538\nOther Advisory URL: http://www.trustix.net/errata/2004/0042/\nOther Advisory URL: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.431578\nOther Advisory URL: http://secwatch.org/advisories/1008415\nOther Advisory URL: http://www.suse.de/de/security/2004_26_rsync.html\nOther Advisory URL: http://rhn.redhat.com/errata/RHSA-2004-436.html\nOther Advisory URL: 
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000881\n[Nessus Plugin ID:14386](https://vulners.com/search?query=pluginID:14386)\n[Nessus Plugin ID:14321](https://vulners.com/search?query=pluginID:14321)\n[Nessus Plugin ID:14332](https://vulners.com/search?query=pluginID:14332)\n[Nessus Plugin ID:14623](https://vulners.com/search?query=pluginID:14623)\n[Nessus Plugin ID:14320](https://vulners.com/search?query=pluginID:14320)\n[Nessus Plugin ID:14223](https://vulners.com/search?query=pluginID:14223)\n[CVE-2004-0792](https://vulners.com/cve/CVE-2004-0792)\n", "modified": "2004-08-13T04:12:18", "published": "2004-08-13T04:12:18", "href": "https://vulners.com/osvdb/OSVDB:8829", "id": "OSVDB:8829", "type": "osvdb", "title": "rsync sanitize_path() Arbitrary File Dislcosure", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "redhat": [{"lastseen": "2019-08-13T18:47:03", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0792"], "description": "The rsync program synchronizes files over a network. \n \nVersions of rsync up to and including version 2.6.2 contain a path \nsanitization issue. This issue could allow an attacker to read or write \nfiles outside of the rsync directory. This vulnerability is only \nexploitable when an rsync server is enabled and is not running within a\nchroot. 
The Common Vulnerabilities and Exposures project (cve.mitre.org)\nhas assigned the name CAN-2004-0792 to this issue.\n\nUsers of rsync are advised to upgrade to this updated package, which \ncontains a backported patch and is not affected by this issue.", "modified": "2019-03-22T23:43:41", "published": "2004-09-01T04:00:00", "id": "RHSA-2004:436", "href": "https://access.redhat.com/errata/RHSA-2004:436", "type": "redhat", "title": "(RHSA-2004:436) rsync security update", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "openvas": [{"lastseen": "2017-07-24T12:49:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0792"], "description": "The remote host is missing an update to rsync\nannounced via advisory DSA 538-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53228", "href": "http://plugins.openvas.org/nasl.php?oid=53228", "type": "openvas", "title": "Debian Security Advisory DSA 538-1 (rsync)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_538_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 538-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The rsync developers have discoverd a security related problem in\nrsync, a fast remote file copy program, which offers an attacker to\naccess files outside of the defined directory. To exploit this\npath-sanitizing bug, rsync has to run in daemon mode with the chroot\noption being disabled. It does not affect the normal send/receive\nfilenames that specify what files should be transferred. It does\naffect certain option paths that cause auxiliary files to be read or\nwritten.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.5.5-0.6.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.6.2-3.\n\nWe recommend that you upgrade your rsync package.\";\ntag_summary = \"The remote host is missing an update to rsync\nannounced via advisory DSA 538-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20538-1\";\n\nif(description)\n{\n script_id(53228);\n script_cve_id(\"CVE-2004-0792\");\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:45:44 +0100 (Thu, 17 Jan 2008)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 538-1 (rsync)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"rsync\", ver:\"2.5.5-0.6\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:10:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0792"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-28T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:52411", "href": "http://plugins.openvas.org/nasl.php?oid=52411", "type": "openvas", "title": "FreeBSD Ports: rsync", "sourceData": "#\n#VID 2689f4cb-ec4c-11d8-9440-000347a4fa7d\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: rsync\n\nCVE-2004-0792\nDirectory traversal vulnerability in the sanitize_path function in\nutil.c for rsync 2.6.2 and earlier, when chroot is disabled, allows\nattackers to read or write certain files.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52411);\n script_version(\"$Revision: 4164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-28 09:03:16 +0200 (Wed, 28 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-0792\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"FreeBSD Ports: rsync\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://samba.org/rsync/#security_aug04\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/12294\");\n script_xref(name : \"URL\" , value : \"http://lists.samba.org/archive/rsync-announce/2004/000017.html\");\n script_xref(name : \"URL\" , value : \"http://www.vuxml.org/freebsd/2689f4cb-ec4c-11d8-9440-000347a4fa7d.html\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"rsync\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.6.2_2\")<0) {\n txt += 'Package rsync version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:49:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0792"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200408-17.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54647", "href": "http://plugins.openvas.org/nasl.php?oid=54647", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200408-17 (rsync)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# 
Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"rsync fails to properly sanitize paths. This vulnerability could allow the\nlisting of arbitrary files and allow file overwriting outside module's\npath on rsync server configurations that allow uploading.\";\ntag_solution = \"All users should update to the latest version of the rsync package.\n\n # emerge sync\n\n # emerge -pv '>=net-misc/rsync-2.6.0-r3'\n # emerge '>=net-misc/rsync-2.6.0-r3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200408-17\nhttp://bugs.gentoo.org/show_bug.cgi?id=60309\nhttp://samba.org/rsync/#security_aug04\nhttp://lists.samba.org/archive/rsync-announce/2004/000017.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200408-17.\";\n\n \n\nif(description)\n{\n script_id(54647);\n script_cve_id(\"CVE-2004-0792\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n 
script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_name(\"Gentoo Security Advisory GLSA 200408-17 (rsync)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-misc/rsync\", unaffected: make_list(\"ge 2.6.0-r3\"), vulnerable: make_list(\"le 2.6.0-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:10:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0792"], "description": "A vulnerability has been reported in rsync, which potentially can be exploited \n by malicious users to read or write arbitrary files on a vulnerable system.\n\n rsync is a software product for keeping files synched across multiple\n systems. 
Rsync is a network-based program and typically communicates\n over TCP port 873.", "modified": "2016-10-04T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:14223", "href": "http://plugins.openvas.org/nasl.php?oid=14223", "type": "openvas", "title": "rsync path sanitation vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: rsync_path_sanitation_vuln.nasl 4207 2016-10-04 11:57:02Z cfi $\n#\n# rsync path sanitation vulnerability\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n# based on work from (C) Tenable Network Security\n#\n# Copyright:\n# Copyright (C) 2004 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n# Ref: Reported by vendor\n\nif(description)\n{\n script_id(14223);\n script_version(\"$Revision: 4207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-10-04 13:57:02 +0200 (Tue, 04 Oct 2016) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(10938);\n script_cve_id(\"CVE-2004-0792\");\n script_name(\"rsync path sanitation vulnerability\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Gain a shell remotely\");\n script_copyright(\"This script is Copyright (C) 2004 David Maciejak\");\n script_dependencies(\"rsync_modules.nasl\");\n script_require_ports(\"Services/rsync\", 873);\n\n tag_summary = \"A vulnerability has been reported in rsync, which potentially can be exploited \n by malicious users to read or write arbitrary files on a vulnerable system.\n\n rsync is a software product for keeping files synched across multiple\n systems. Rsync is a network-based program and typically communicates\n over TCP port 873.\";\n\n tag_impact = \"There is a flaw in this version of rsync which, due to an input validation\n error, would allow a remote attacker to gain access to the remote system.\";\n\n tag_insight = \"An attacker, exploiting this flaw, would need network access to the TCP port. 
\n\n Successful exploitation requires that the rsync daemon is *not* running chrooted.\n\n *** Since rsync does not advertise its version number\n *** and since there are little details about this flaw at\n *** this time, this might be a false positive\";\n\n tag_solution = \"Upgrade to rsync 2.6.3 or newer.\";\n\n script_tag(name:\"summary\", value:tag_summary);\n script_tag(name:\"impact\", value:tag_impact);\n script_tag(name:\"insight\", value:tag_insight);\n script_tag(name:\"solution\", value:tag_solution);\n\n script_tag(name:\"solution_type\", value: \"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"rsync_func.inc\");\n\nport = get_rsync_port( default:873 );\n\nwelcome = get_kb_item( \"rsync/\" + port + \"/banner\" );\nif ( ! welcome ) {\n soc = open_sock_tcp( port );\n if( ! soc ) exit( 0 );\n welcome = recv_line( socket:soc, length:4096 );\n if( ! welcome ) exit( 0 );\n}\n\n# rsyncd speaking protocol 28 are not vulnerable\n# NOTE(review): the pattern below matches protocol versions 10-28, so a banner announcing protocol 28 is still reported; confirm the intended cutoff\nif( ereg( pattern:\"@RSYNCD: (1[0-9]|2[0-8])\", string:welcome ) ) {\n security_message( port:port );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-04-20T18:40:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0792"], "description": "A vulnerability has been reported in rsync, which potentially can be exploited\n by malicious users to read or write arbitrary files on a vulnerable system.", "modified": "2020-04-16T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231014223", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231014223", "type": "openvas", "title": "rsync path sanitation vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# rsync path sanitation vulnerability\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n# based 
on work from (C) Tenable Network Security\n#\n# Copyright:\n# Copyright (C) 2004 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.14223\");\n script_version(\"2020-04-16T13:54:19+0000\");\n script_bugtraq_id(10938);\n script_cve_id(\"CVE-2004-0792\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 13:54:19 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"rsync path sanitation vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Gain a shell remotely\");\n script_copyright(\"Copyright (C) 2004 David Maciejak\");\n script_dependencies(\"gb_rsync_remote_detect.nasl\");\n script_require_ports(\"Services/rsync\", 873);\n script_mandatory_keys(\"rsync/protocol_banner/available\");\n\n script_tag(name:\"summary\", value:\"A vulnerability has been reported in rsync, which potentially can be exploited\n by malicious users to read or write arbitrary files on a vulnerable system.\");\n\n script_tag(name:\"impact\", value:\"There is a flaw in this version of rsync which, due to an input 
validation\n error, would allow a remote attacker to gain access to the remote system.\");\n\n script_tag(name:\"insight\", value:\"An attacker, exploiting this flaw, would need network access to the TCP port.\n\n Successful exploitation requires that the rsync daemon is *not* running chrooted.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to rsync 2.6.3 or newer.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"rsync_func.inc\");\ninclude(\"misc_func.inc\");\n\nport = rsync_get_port( default:873 );\n\nprotocol = get_kb_item( \"rsync/protocol_banner/\" + port );\nif( ! protocol )\n exit( 0 );\n\n# rsyncd speaking protocol 28 are not vulnerable\n# NOTE(review): the pattern below matches protocol versions 10-28, so a banner announcing protocol 28 is still reported; confirm the intended cutoff\nif( ereg( pattern:\"(@RSYNCD:|protocol version) (1[0-9]|2[0-8])\", string:protocol ) ) {\n report = \"Detected and affected RSYNCD protocol: \" + protocol;\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0792"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-285-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231053905", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231053905", "type": "openvas", "title": "Slackware Advisory SSA:2004-285-01 rsync", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2004_285_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.53905\");\n script_cve_id(\"CVE-2004-0792\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2004-285-01 rsync\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1|10\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-285-01\");\n\n script_tag(name:\"insight\", value:\"New rsync 2.6.3 packages are available for Slackware 8.1, 9.0, 9.1,\n10.0, and -current to a fix security issue when rsync is run as\na non-chrooted server.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2004-285-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"rsync\", ver:\"2.6.3-i386-1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"rsync\", ver:\"2.6.3-i386-1\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"rsync\", ver:\"2.6.3-i486-1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"rsync\", ver:\"2.6.3-i486-1\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "suse": [{"lastseen": "2016-09-04T12:38:06", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0792"], "description": "The rsync-team released an advisory about a security problem in rsync. If rsync is running in daemon-mode and without a chroot environment it is possible for a remote attacker to trick rsyncd into creating an absolute pathname while sanitizing it. 
As a result it is possible to read/write from/to files outside the rsync directory.\n#### Solution\nAs a temporary workaround we suggest keeping the chroot option of rsyncd enabled, or avoiding daemon mode and using SSH as the transport channel if possible.", "edition": 1, "modified": "2004-08-16T14:49:13", "published": "2004-08-16T14:49:13", "id": "SUSE-SA:2004:026", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-08/msg00008.html", "title": "remote system compromise in rsync", "type": "suse", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2016-09-26T17:26:17", "edition": 1, "description": "The remote host has an old version of rsync installed.\n\nThere is a flaw in this version of rsync which, due to an input validation error, would allow a remote attacker to gain access to the remote system.\n\nAn attacker, exploiting this flaw, would need network access to the TCP port. \n\nSuccessful exploitation requires that the rsync daemon is *not* running chroot.", "published": "2004-08-27T00:00:00", "type": "nessus", "title": "FreeBSD Ports : rsync < 2.6.2_2", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0792"], "modified": "2011-10-02T00:00:00", "id": "FREEBSD_RSYNC_262_2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14386", "sourceData": "# @DEPRECATED@\n# \n# This script has been deprecated by freebsd_pkg_73ea07069c5711d893660020ed76ef5a.nasl.\n#\n# Disabled on 2011/10/01.\n\n\n#\n# (C) Tenable Network Security\n#\n#\n\nif ( ! 
defined_func(\"bn_random\") ) exit(0);\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(14386);\n script_bugtraq_id(10938);\n script_version (\"$Revision: 1.12 $\");\n script_cve_id(\"CVE-2004-0792\");\n name[\"english\"] = \"FreeBSD Ports : rsync < 2.6.2_2\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has an old version of rsync installed.\n\nThere is a flaw in this version of rsync which, due to an input validation\nerror, would allow a remote attacker to gain access to the remote system.\n\nAn attacker, exploiting this flaw, would need network access to the TCP port. \n\nSuccessful exploitation requires that the rsync daemon is *not* running chroot.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.vuxml.org/freebsd/73ea0706-9c57-11d8-9366-0020ed76ef5a.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/08/27\");\n script_cvs_date(\"$Date: 2011/10/02 01:18:57 $\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the rsync package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2010 Tenable Network Security, Inc.\");\n family[\"english\"] = \"FreeBSD Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/FreeBSD/pkg_info\");\n exit(0);\n}\n\n\nexit(0, 
\"This plugin has been deprecated. Refer to plugin #38112 (freebsd_pkg_73ea07069c5711d893660020ed76ef5a.nasl) instead.\");\n\n\n\ninclude(\"freebsd_package.inc\");\n\n\npkgs = get_kb_item(\"Host/FreeBSD/pkg_info\");\n\npackage = egrep(pattern:\"^rsync-[0-2]\", string:pkgs);\nif ( package && pkg_cmp(pkg:package, reference:\"rsync-2.6.2_2\") < 0 ) \n\tsecurity_warning(0);\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2021-01-06T10:02:56", "description": "The rsync developers have discovered a security related problem in\nrsync, a fast remote file copy program, which offers an attacker to\naccess files outside of the defined directory. To exploit this\npath-sanitizing bug, rsync has to run in daemon mode with the chroot\noption being disabled. It does not affect the normal send/receive\nfilenames that specify what files should be transferred. It does\naffect certain option paths that cause auxiliary files to be read or\nwritten.", "edition": 25, "published": "2004-09-29T00:00:00", "title": "Debian DSA-538-1 : rsync - unsanitised input processing", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0792"], "modified": "2004-09-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:rsync"], "id": "DEBIAN_DSA-538.NASL", "href": "https://www.tenable.com/plugins/nessus/15375", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-538. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15375);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2004-0792\");\n script_xref(name:\"DSA\", value:\"538\");\n\n script_name(english:\"Debian DSA-538-1 : rsync - unsanitised input processing\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The rsync developers have discovered a security related problem in\nrsync, a fast remote file copy program, which offers an attacker to\naccess files outside of the defined directory. To exploit this\npath-sanitizing bug, rsync has to run in daemon mode with the chroot\noption being disabled. It does not affect the normal send/receive\nfilenames that specify what files should be transferred. 
It does\naffect certain option paths that cause auxiliary files to be read or\nwritten.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=265662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2004/dsa-538\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the rsync package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 2.5.5-0.6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/08/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"rsync\", reference:\"2.5.5-0.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-07T11:51:22", "description": "An advisory was sent out by the rsync team regarding a security\nvulnerability in all versions of rsync prior to and including 2.6.2.\nIf rsync is running in daemon mode, and not in a chrooted environment,\nit is possible for a remote attacker to trick rsyncd into creating an\nabsolute pathname while sanitizing it. This vulnerability allows a\nremote attacker to possibly read/write to/from files outside of the\nrsync directory.\n\nThe updated packages are patched to prevent this problem.", "edition": 24, "published": "2004-08-22T00:00:00", "title": "Mandrake Linux Security Advisory : rsync (MDKSA-2004:083)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0792"], "modified": "2004-08-22T00:00:00", "cpe": ["cpe:/o:mandrakesoft:mandrake_linux:9.1", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "cpe:/o:mandrakesoft:mandrake_linux:9.2", "p-cpe:/a:mandriva:linux:rsync"], "id": "MANDRAKE_MDKSA-2004-083.NASL", "href": "https://www.tenable.com/plugins/nessus/14332", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:083. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14332);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0792\");\n script_xref(name:\"MDKSA\", value:\"2004:083\");\n\n script_name(english:\"Mandrake Linux Security Advisory : rsync (MDKSA-2004:083)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An advisory was sent out by the rsync team regarding a security\nvulnerability in all versions of rsync prior to and including 2.6.2.\nIf rsync is running in daemon mode, and not in a chrooted environment,\nit is possible for a remote attacker to trick rsyncd into creating an\nabsolute pathname while sanitizing it. 
This vulnerability allows a\nremote attacker to possibly read/write to/from files outside of the\nrsync directory.\n\nThe updated packages are patched to prevent this problem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://samba.org/rsync/#security_aug04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rsync package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 
\"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"rsync-2.6.0-1.2.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"rsync-2.5.7-0.3.91mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", reference:\"rsync-2.5.7-0.3.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-07T10:51:51", "description": "The remote host is affected by the vulnerability described in GLSA-200408-17\n(rsync: Potential information leakage)\n\n The paths sent by the rsync client are not checked thoroughly enough.\n It does not affect the normal send/receive filenames that specify what\n files should be transferred. It does affect certain option paths that\n cause auxiliary files to be read or written.\n \nImpact :\n\n When rsyncd is used without chroot ('use chroot = false' in the\n rsyncd.conf file), this vulnerability could allow the listing of\n arbitrary files outside module's path and allow file overwriting\n outside module's path on rsync server configurations that allows\n uploading. 
Both possibilities are exposed only when chroot option is\n disabled.\n \nWorkaround :\n\n You should never set the rsync daemon to run with 'use chroot = false'.", "edition": 28, "published": "2004-08-30T00:00:00", "title": "GLSA-200408-17 : rsync: Potential information leakage", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0792"], "modified": "2004-08-30T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:rsync"], "id": "GENTOO_GLSA-200408-17.NASL", "href": "https://www.tenable.com/plugins/nessus/14573", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200408-17.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14573);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0792\");\n script_xref(name:\"GLSA\", value:\"200408-17\");\n\n script_name(english:\"GLSA-200408-17 : rsync: Potential information leakage\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200408-17\n(rsync: Potential information leakage)\n\n The paths sent by the rsync client are not checked thoroughly enough.\n It does not affect the normal send/receive filenames that specify what\n files should be transferred. 
It does affect certain option paths that\n cause auxiliary files to be read or written.\n \nImpact :\n\n When rsyncd is used without chroot ('use chroot = false' in the\n rsyncd.conf file), this vulnerability could allow the listing of\n arbitrary files outside module's path and allow file overwriting\n outside module's path on rsync server configurations that allows\n uploading. Both possibilities are exposed only when chroot option is\n disabled.\n \nWorkaround :\n\n You should never set the rsync daemon to run with 'use chroot = false'.\"\n );\n # http://samba.org/rsync/#security_aug04\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rsync.samba.org/#security_aug04\"\n );\n # http://lists.samba.org/archive/rsync-announce/2004/000017.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.samba.org/archive/rsync-announce/2004/000017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200408-17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All users should update to the latest version of the rsync package.\n # emerge sync\n # emerge -pv '>=net-misc/rsync-2.6.0-r3'\n # emerge '>=net-misc/rsync-2.6.0-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/rsync\", unaffected:make_list(\"ge 2.6.0-r3\"), vulnerable:make_list(\"le 2.6.0-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsync\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-07T10:40:43", "description": "An rsync security advisory reports :\n\nThere is a path-sanitizing bug that affects daemon mode in all recent\nrsync versions (including 2.6.2) but only if chroot is disabled.\n\nThe bug may allow a remote user to access files outside of an rsync\nmodule's configured path with the privileges configured for that\nmodule.", "edition": 28, "published": "2005-07-13T00:00:00", "title": "FreeBSD : rsync -- path sanitizing vulnerability (2689f4cb-ec4c-11d8-9440-000347a4fa7d)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0792"], "modified": "2005-07-13T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:rsync", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_2689F4CBEC4C11D89440000347A4FA7D.NASL", "href": "https://www.tenable.com/plugins/nessus/18874", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18874);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0792\");\n script_xref(name:\"Secunia\", value:\"12294\");\n\n script_name(english:\"FreeBSD : rsync -- path sanitizing vulnerability (2689f4cb-ec4c-11d8-9440-000347a4fa7d)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An rsync security advisory reports :\n\nThere is a path-sanitizing bug that affects daemon mode in all recent\nrsync versions (including 2.6.2) but only if chroot is disabled.\n\nThe bug may allow a remote user to access files outside of an rsync\nmodule's configured path with the privileges configured for that\nmodule.\"\n );\n # http://samba.org/rsync/#security_aug04\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rsync.samba.org/#security_aug04\"\n );\n # http://lists.samba.org/archive/rsync-announce/2004/000017.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.samba.org/archive/rsync-announce/2004/000017.html\"\n );\n # https://vuxml.freebsd.org/freebsd/2689f4cb-ec4c-11d8-9440-000347a4fa7d.html\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5e446c3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rsync<2.6.2_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T05:31:19", "description": "An information disclosure vulnerability exists in rsync due to\nimproper validation of user-supplied input to the 
sanitize_path()\nfunction. An unauthenticated, remote attacker can exploit this, via\na specially crafted path, to generate an absolute filename in place\nof a relative filename, resulting in the disclosure of arbitrary files.\nHowever, successful exploitation requires that the rsync daemon is not\nrunning chrooted.\n\nNote that since rsync does not advertise its version number and since\nthere are few details about this flaw at this time, this might be a\nfalse positive.", "edition": 22, "published": "2004-08-16T00:00:00", "title": "rsync sanitize_path() Function Arbitrary File Disclosure", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0792"], "modified": "2021-01-02T00:00:00", "cpe": [], "id": "RSYNC_PATH_SANITATION_VULN.NASL", "href": "https://www.tenable.com/plugins/nessus/14223", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14223);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2018/07/27 18:38:14\");\n\n script_cve_id(\"CVE-2004-0792\");\n script_bugtraq_id(10938);\n\n script_name(english:\"rsync sanitize_path() Function Arbitrary File Disclosure\");\n script_summary(english:\"Determines if rsync is running.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Arbitrary files can be accessed from the remote host.\");\n script_set_attribute(attribute:\"description\", value:\n\"An information disclosure vulnerability exists in rsync due to\nimproper validation of user-supplied input to the sanitize_path()\nfunction. 
An unauthenticated, remote attacker can exploit this, via\na specially crafted path, to generated an absolute filename in place\nof a relative filename, resulting the disclosure of arbitrary files.\nHowever, successful exploitation requires that the rsync daemon is not\nrunning chrooted.\n\nNote that since rsync does not advertise its version number and since\nthere are few details about this flaw at this time, this might be a\nfalse positive.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to rsync version 2.6.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/16\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"rsync_modules.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/rsyncd\", 873);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n\nport = get_kb_item(\"Services/rsyncd\");\nif(!port)port = 873;\nif(!get_port_state(port))exit(0);\n\n\nwelcome = get_kb_item(\"rsyncd/\" + port + \"/banner\");\nif ( ! 
welcome )\n{\n soc = open_sock_tcp(port);\n if(!soc)exit(0);\n welcome = recv_line(socket:soc, length:4096);\n if(!welcome)exit(0);\n}\n\n\n\n\n#\n# rsyncd speaking protocol 28 are not vulnerable\n#\n\nif(ereg(pattern:\"@RSYNCD: (1[0-9]|2[0-8])\", string:welcome))\n{\n security_warning(port);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-17T09:10:16", "description": "New rsync 2.6.3 packages are available for Slackware 8.1, 9.0, 9.1,\n10.0, and -current to fix a security issue when rsync is run as a\nnon-chrooted server.", "edition": 24, "published": "2005-07-13T00:00:00", "title": "Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : rsync (SSA:2004-285-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0792"], "modified": "2005-07-13T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:rsync", "cpe:/o:slackware:slackware_linux:8.1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux"], "id": "SLACKWARE_SSA_2004-285-01.NASL", "href": "https://www.tenable.com/plugins/nessus/18780", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2004-285-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18780);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-0792\");\n script_xref(name:\"SSA\", value:\"2004-285-01\");\n\n script_name(english:\"Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : rsync (SSA:2004-285-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New rsync 2.6.3 packages are available for Slackware 8.1, 9.0, 9.1,\n10.0, and -current to a fix security issue when rsync is run as a\nnon-chrooted server.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.431578\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?847b3c34\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rsync package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/12\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/08/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"rsync\", pkgver:\"2.6.3\", pkgarch:\"i386\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"rsync\", pkgver:\"2.6.3\", pkgarch:\"i386\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"rsync\", pkgver:\"2.6.3\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"rsync\", pkgver:\"2.6.3\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"rsync\", pkgver:\"2.6.3\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": 
"2021-01-17T13:05:20", "description": "An updated rsync package that fixes a path sanitizing bug is now\navailable.\n\nThe rsync program synchronizes files over a network.\n\nVersions of rsync up to and including version 2.6.2 contain a path\nsanitization issue. This issue could allow an attacker to read or\nwrite files outside of the rsync directory. This vulnerability is only\nexploitable when an rsync server is enabled and is not running within\na chroot. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2004-0792 to this issue.\n\nUsers of rsync are advised to upgrade to this updated package, which\ncontains a backported patch and is not affected by this issue.", "edition": 27, "published": "2004-09-01T00:00:00", "title": "RHEL 2.1 / 3 : rsync (RHSA-2004:436)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0792"], "modified": "2004-09-01T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:rsync"], "id": "REDHAT-RHSA-2004-436.NASL", "href": "https://www.tenable.com/plugins/nessus/14623", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:436. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14623);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-0792\");\n script_xref(name:\"RHSA\", value:\"2004:436\");\n\n script_name(english:\"RHEL 2.1 / 3 : rsync (RHSA-2004:436)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rsync package that fixes a path sanitizing bug is now\navailable.\n\nThe rsync program synchronizes files over a network.\n\nVersions of rsync up to and including version 2.6.2 contain a path\nsanitization issue. This issue could allow an attacker to read or\nwrite files outside of the rsync directory. This vulnerability is only\nexploitable when an rsync server is enabled and is not running within\na chroot. 
The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2004-0792 to this issue.\n\nUsers of rsync are advised to upgrade to this updated package, which\ncontains a backported patch and is not affected by this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rsync.samba.org/#security_aug04\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:436\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rsync package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:436\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"rsync-2.5.7-3.21AS.1\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"rsync-2.5.7-5.3E\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() 
+ redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsync\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0792"], "edition": 1, "description": "### Background\n\nrsync is a utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens to connections from rsync clients. \n\n### Description\n\nThe paths sent by the rsync client are not checked thoroughly enough. It does not affect the normal send/receive filenames that specify what files should be transferred. It does affect certain option paths that cause auxiliary files to be read or written. \n\n### Impact\n\nWhen rsyncd is used without chroot (\"use chroot = false\" in the rsyncd.conf file), this vulnerability could allow the listing of arbitrary files outside the module's path and allow file overwriting outside the module's path on rsync server configurations that allow uploading. Both possibilities are exposed only when the chroot option is disabled. \n\n### Workaround\n\nYou should never set the rsync daemon to run with \"use chroot = false\". \n\n### Resolution\n\nAll users should update to the latest version of the rsync package. 
\n \n \n # emerge sync\n \n # emerge -pv \">=net-misc/rsync-2.6.0-r3\"\n # emerge \">=net-misc/rsync-2.6.0-r3\"", "modified": "2006-05-22T00:00:00", "published": "2004-08-17T00:00:00", "id": "GLSA-200408-17", "href": "https://security.gentoo.org/glsa/200408-17", "type": "gentoo", "title": "rsync: Potential information leakage", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:35:14", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0792"], "description": "\nAn rsync security advisory reports:\n\nThere is a path-sanitizing bug that affects daemon mode in\n\t all recent rsync versions (including 2.6.2) but only if\n\t chroot is disabled.\n\nThe bug may allow a remote user to access files outside\n\t of an rsync module's configured path with the privileges\n\t configured for that module.\n", "edition": 4, "modified": "2004-08-12T00:00:00", "published": "2004-08-12T00:00:00", "id": "2689F4CB-EC4C-11D8-9440-000347A4FA7D", "href": "https://vuxml.freebsd.org/freebsd/2689f4cb-ec4c-11d8-9440-000347a4fa7d.html", "title": "rsync -- path sanitizing vulnerability", "type": "freebsd", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}]}