Design/Logic Flaw
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options...
Design/Logic Flaw
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy...
CVE-2007-6200
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options...
CVE-2007-6200
CVE-2007-6200 affects rsync prior to 3.0.0pre6. When running a writable rsync daemon, it allows remote attackers to bypass exclude, exclude_from, and filter options and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and (4) dest options. The initial documents do not ...
CVE-2007-6199
CVE-2007-6199 affects rsync before 3.0.0pre6 where a writable rsync daemon not using chroot can be tricked into creating a symlink outside the module hierarchy, allowing remote access to restricted files. Available connected documents confirm the vulnerability details and note fixes in rsync upda...
CVE-2007-6199
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy...
Ubuntu 6.06 LTS / 6.10 / 7.04 : rsync vulnerability (USN-500-1)
Sebastian Krahmer discovered that rsync contained an off-by-one miscalculation when handling certain file paths. By creating a specially crafted tree of files and tricking an rsync server into processing them, a remote attacker could write a single NULL to stack memory, possibly leading to...
openSUSE 10 Security Update : rsync (rsync-3996)
An off by one buffer overflow within the fname function has been fixed. CVE-2007-4091 has been assigned to this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update rsync-3996. The text...
GLSA-200709-13 : rsync: Two buffer overflows
The remote host is affected by the vulnerability described in GLSA-200709-13 (rsync: Two buffer overflows). Sebastian Krahmer from the SUSE Security Team discovered two off-by-one errors in the function 'fname' in file sender.c when processing overly long directory names. Impact: A remote attacker...
rsync: Two buffer overflows
Background: rsync is a file transfer program to keep remote directories synchronized. Description: Sebastian Krahmer from the SUSE Security Team discovered two off-by-one errors in the function "fname" in file sender.c when processing overly long directory names. Impact: A remote attacker could enti...
[slackware-security] openssh
New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 to fix a possible security issue. This version should also provide increased performance with certain ciphers. More details about this issue may be found in the Common Vulnerabilities and Exposures CV...
Debian DSA-1360-1 : rsync - buffer overflow
Sebastian Krahmer discovered that rsync, a fast remote file copy program, contains an off-by-one error which might allow remote attackers to execute arbitrary code via long directory names. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
[SECURITY] [DSA 1360-1] New rsync packages fix arbitrary code execution
Debian Security Advisory DSA-1360 [email protected] http://www.debian.org/security/ Steve Kemp August 28th, 2007 http://www.debian.org/security/faq ...
DSA-1360-1 rsync - arbitrary code execution
Bulletin has no description...
FreeBSD : rsync -- off by one stack overflow (af8e3a0c-5009-11dc-8a43-003048705d5a)
BugTraq reports : The rsync utility is prone to an off-by-one buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input. Successfully exploiting this issue may allow arbitrary code-execution in the context of the affected utility...
[ MDKSA-2007:166 ] - Updated rsync packages fix off-by-one buffer overflow
Mandriva Linux Security Advisory MDKSA-2007:166 http://www.mandriva.com/security/ Package: rsync Date: August 18, 2007 Affected: 2007.0, 2007.1, Corporate 4.0 Problem Description: Sebastian Krahmer of the SUSE Security Team discovered an off-by-one...
Rsync off-by-one buffer overflow
Multiple off-by-one overflows...
USN-500-1: rsync vulnerability
Sebastian Krahmer discovered that rsync contained an off-by-one miscalculation when handling certain file paths. By creating a specially crafted tree of files and tricking an rsync server into processing them, a remote attacker could write a single NULL to stack memory, possibly leading to...