Metric | Value |
---|---|
CVSS2 score | 5 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
CVSS2 vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
EPSS | 0.035 Low |
EPSS Percentile | 90.6% |

Rsync is a program for synchronizing files over a network.
Rsync before 2.6.1 does not properly sanitize paths when running a
read/write daemon without using chroot. This could allow a remote attacker
to write files outside of the module’s “path”, depending on the privileges
assigned to the rsync daemon. Users not running an rsync daemon, running a
read-only daemon, or running a chrooted daemon are not affected by this
issue. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0426 to this issue.
Users of Rsync are advised to upgrade to this updated package, which
contains a backported patch and is not affected by this issue.
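
The affected configuration described above (a read/write daemon module that does not use chroot) can be identified by auditing `rsyncd.conf`. The following is an added example, not part of the advisory or of rsync itself; the function names and the sample configuration are hypothetical, and it assumes rsyncd.conf's documented defaults of `read only = yes` and `use chroot = yes`.

```python
TRUE = {"yes", "true", "1"}
FALSE = {"no", "false", "0"}
# Assumed defaults (rsyncd.conf man page): modules are read-only and chrooted.
DEFAULTS = {"readonly": True, "usechroot": True}


def parse_modules(text):
    """Return {module: settings}; global settings act as module defaults."""
    globals_ = dict(DEFAULTS)
    modules, current = {}, globals_
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            # New module section: start from the globals seen so far.
            current = modules.setdefault(line[1:-1].strip(), dict(globals_))
            continue
        key, sep, value = line.partition("=")
        # Whitespace in parameter names is irrelevant to rsyncd; names are
        # compared case-insensitively here.
        key, value = "".join(key.split()).lower(), value.strip().lower()
        if sep and key in DEFAULTS and value in TRUE | FALSE:
            current[key] = value in TRUE
    return modules


def exposed_modules(text):
    """Names of modules that accept writes and do not chroot."""
    return sorted(name for name, s in parse_modules(text).items()
                  if not s["readonly"] and not s["usechroot"])


# Constructed sample configuration (not taken from the advisory).
SAMPLE = """\
use chroot = no
[mirror]
path = /srv/mirror
[upload]
path = /srv/upload
read only = no
[jailed]
path = /srv/jailed
read only = no
use chroot = yes
"""

if __name__ == "__main__":
    print(exposed_modules(SAMPLE))
```

A module reported here matches the advisory's affected configuration only when the installed rsync package is older than the fixed versions listed below.
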
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | any | ppc64 | rsync | < 2.5.7-4.3E | rsync-2.5.7-4.3E.ppc64.rpm |
RedHat | any | ia64 | rsync | < 2.5.7-4.3E | rsync-2.5.7-4.3E.ia64.rpm |
RedHat | any | s390 | rsync | < 2.5.7-4.3E | rsync-2.5.7-4.3E.s390.rpm |
RedHat | any | i386 | rsync | < 2.5.7-4.3E | rsync-2.5.7-4.3E.i386.rpm |
RedHat | any | s390x | rsync | < 2.5.7-4.3E | rsync-2.5.7-4.3E.s390x.rpm |
RedHat | any | x86_64 | rsync | < 2.5.7-4.3E | rsync-2.5.7-4.3E.x86_64.rpm |
RedHat | any | ia64 | rsync | < 2.5.7-3.21AS | rsync-2.5.7-3.21AS.ia64.rpm |
RedHat | any | i386 | rsync | < 2.5.7-3.21AS | rsync-2.5.7-3.21AS.i386.rpm |
RedHat | any | ppc | rsync | < 2.5.7-4.3E | rsync-2.5.7-4.3E.ppc.rpm |