Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-500-1
HistoryAug 20, 2007 - 12:00 a.m.

rsync vulnerability

2007-08-2000:00:00
ubuntu.com
29

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.181

Percentile

96.2%

JSON

Releases

  • Ubuntu 7.04
  • Ubuntu 6.10
  • Ubuntu 6.06

Details

Sebastian Krahmer discovered that rsync contained an off-by-one
miscalculation when handling certain file paths. By creating a specially
crafted tree of files and tricking an rsync server into processing them,
a remote attacker could write a single NULL to stack memory, possibly
leading to arbitrary code execution.

OSVersionArchitecturePackageVersionFilename
Ubuntu7.04noarchrsync< 2.6.9-3ubuntu1.1UNKNOWN
Ubuntu6.10noarchrsync< 2.6.8-2ubuntu3.1UNKNOWN
Ubuntu6.06noarchrsync< 2.6.6-1ubuntu2.1UNKNOWN

Related

nessus 8
openvas 14
f5 2
prion 1
cvelist 1
securityvulns 2
gentoo 1
ubuntucve 1
cve 1
slackware 1
debian 1
debiancve 1
nvd 1
freebsd 1
osv 1
nessus
nessus
SuSE 10 Security Update : rsync (ZYPP Patch Number 3997)
2007-12-13 00:00:00
Debian DSA-1360-1 : rsync - buffer overflow
2007-09-03 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 / current : rsync (SSA:2007-335-01)
2007-12-04 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2007-335-01)
2012-09-10 00:00:00
Mandriva Update for rsync MDKSA-2007:166 (rsync)
2009-04-09 00:00:00
Gentoo Security Advisory GLSA 200709-13 (rsync)
2008-09-24 00:00:00
f5
f5
K15548 : Rsync sender.c vulnerability CVE-2007-4091
2015-04-29 00:00:00
SOL15548 - Rsync sender.c vulnerability CVE-2007-4091
2014-09-04 00:00:00
prion
prion
Code injection
2007-08-16 00:17:00
cvelist
cvelist
CVE-2007-4091
2007-08-16 00:00:00
securityvulns
securityvulns
[ MDKSA-2007:166 ] - Updated rsync packages fix off-by-one buffer overflow
2007-08-21 00:00:00
Rsync off-by-one buffer overflow
2007-08-21 00:00:00
gentoo
gentoo
rsync: Two buffer overflows
2007-09-20 00:00:00
ubuntucve
ubuntucve
CVE-2007-4091
2007-08-16 00:00:00
cve
cve
CVE-2007-4091
2007-08-16 00:17:00
slackware
slackware
[slackware-security] rsync
2007-12-02 03:11:40
debian
debian
[SECURITY] [DSA 1360-1] New rsync packages fix arbitrary code execution
2007-08-28 18:07:55
debiancve
debiancve
CVE-2007-4091
2007-08-16 00:17:00
nvd
nvd
CVE-2007-4091
2007-08-16 00:17:00
freebsd
freebsd
rsync -- off by one stack overflow
2007-08-15 00:00:00
osv
osv
rsync-3.2.3-2.6 on GA media
2024-06-15 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.181

Percentile

96.2%

JSON
Related for USN-500-1
nessus8openvas14f52prion1cvelist1securityvulns2gentoo1ubuntucve1cve1slackware1debian1debiancve1nvd1freebsd1osv1