Lucene search
K

2466 matches found

Prion
Prion
added 2007/12/01 6:46 a.m.20 views

Design/Logic Flaw

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, excludefrom, and filter and read or write hidden files via 1 symlink, 2 partial-dir, 3 backup-dir, and unspecified 4 dest options...

10CVSS6.6AI score0.05442EPSS
Exploits0References16Affected Software1
Prion
Prion
added 2007/12/01 6:46 a.m.27 views

Design/Logic Flaw

rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy...

9.3CVSS6.6AI score0.04136EPSS
Exploits0References17Affected Software1
Cvelist
Cvelist
added 2007/12/01 1:0 a.m.21 views

CVE-2007-6200

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, excludefrom, and filter and read or write hidden files via 1 symlink, 2 partial-dir, 3 backup-dir, and unspecified 4 dest options...

9.3AI score0.05442EPSS
Exploits0References16
CVE
CVE
added 2007/12/01 1:0 a.m.80 views

CVE-2007-6200

CVE-2007-6200 affects rsync prior to 3.0.0pre6. When running a writable rsync daemon, it allows remote attackers to bypass exclude, exclude_from, and filter options and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and (4) dest options. The initial documents do not ...

10CVSS8.6AI score0.05442EPSS
Exploits0References16Affected Software1
CVE
CVE
added 2007/12/01 1:0 a.m.68 views

CVE-2007-6199

CVE-2007-6199 affects rsync before 3.0.0pre6 where a writable rsync daemon not using chroot can be tricked into creating a symlink outside the module hierarchy, allowing remote access to restricted files. Available connected documents confirm the vulnerability details and note fixes in rsync upda...

9.3CVSS9.2AI score0.04136EPSS
Exploits0References17Affected Software1
Cvelist
Cvelist
added 2007/12/01 1:0 a.m.43 views

CVE-2007-6199

rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy...

9.2AI score0.04136EPSS
Exploits0References17
Debian CVE
Debian CVE
added 2007/12/01 1:0 a.m.31 views

CVE-2007-6199

rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy...

9.3CVSS6.4AI score0.04136EPSS
Exploits0
Debian CVE
Debian CVE
added 2007/12/01 1:0 a.m.27 views

CVE-2007-6200

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, excludefrom, and filter and read or write hidden files via 1 symlink, 2 partial-dir, 3 backup-dir, and unspecified 4 dest options...

10CVSS6.7AI score0.05442EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/11/10 12:0 a.m.21 views

Ubuntu 6.06 LTS / 6.10 / 7.04 : rsync vulnerability (USN-500-1)

Sebastian Krahmer discovered that rsync contained an off-by-one miscalculation when handling certain file paths. By creating a specially crafted tree of files and tricking an rsync server into processing them, a remote attacker could write a single NULL to stack memory, possibly leading to...

6.8CVSS8.6AI score0.03345EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.37 views

openSUSE 10 Security Update : rsync (rsync-3996)

An off by one buffer overflow within the fname function has been fixed. CVE-2007-4091 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update rsync-3996. The text...

6.8CVSS8.2AI score0.03345EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2007/09/24 12:0 a.m.37 views

GLSA-200709-13 : rsync: Two buffer overflows

The remote host is affected by the vulnerability described in GLSA-200709-13 rsync: Two buffer overflows Sebastian Krahmer from the SUSE Security Team discovered two off-by-one errors in the function 'fname' in file sender.c when processing overly long directory names. Impact : A remote attacker...

6.8CVSS8.8AI score0.03345EPSS
Exploits0References2
Gentoo Linux
Gentoo Linux
added 2007/09/20 12:0 a.m.23 views

rsync: Two buffer overflows

Background rsync is a file transfer program to keep remote directories synchronized. Description Sebastian Krahmer from the SUSE Security Team discovered two off-by-one errors in the function "fname" in file sender.c when processing overly long directory names. Impact A remote attacker could enti...

6.8CVSS7AI score0.03345EPSS
Exploits0
Slackware Linux
Slackware Linux
added 2007/09/12 9:56 p.m.39 views

[slackware-security] openssh

New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 to fix a possible security issue. This version should also provide increased performance with certain ciphers. More details about this issue may be found in the Common Vulnerabilities and Exposures CV...

7.5CVSS6.4AI score0.02374EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/09/03 12:0 a.m.32 views

Debian DSA-1360-1 : rsync - buffer overflow

Sebastian Krahmer discovered that rsync, a fast remote file copy program, contains an off-by-one error which might allow remote attackers to execute arbitrary code via long directory names. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

6.8CVSS8.8AI score0.03345EPSS
Exploits0References2
Debian
Debian
added 2007/08/28 6:7 p.m.25 views

[SECURITY] [DSA 1360-1] New rsync packages fix arbitrary code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1360 [email protected] http://www.debian.org/security/ Steve Kemp August 28th, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------...

6.8CVSS6.5AI score0.03345EPSS
Exploits0
OSV
OSV
added 2007/08/28 12:0 a.m.13 views

DSA-1360-1 rsync - arbitrary code execution

Bulletin has no description...

6.8CVSS6.3AI score0.03345EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/08/28 12:0 a.m.33 views

FreeBSD : rsync -- off by one stack overflow (af8e3a0c-5009-11dc-8a43-003048705d5a)

BugTraq reports : The rsync utility is prone to an off-by-one buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input. Successfully exploiting this issue may allow arbitrary code-execution in the context of the affected utility...

6.8CVSS8.3AI score0.03345EPSS
Exploits0References2
securityvulns
securityvulns
added 2007/08/21 12:0 a.m.61 views

[ MDKSA-2007:166 ] - Updated rsync packages fix off-by-one buffer overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:166 http://www.mandriva.com/security/ Package : rsync Date : August 18, 2007 Affected: 2007.0, 2007.1, Corporate 4.0 Problem Description: Sebastian Krahmer of the SUSE Security Team discovered an off-by-one...

6.8CVSS9.6AI score0.03345EPSS
Exploits0
securityvulns
securityvulns
added 2007/08/21 12:0 a.m.40 views

Rsync off-by-one buffer overflow

Multiple off-by-on overflows...

6.8CVSS4.2AI score0.03345EPSS
Exploits0References1Affected Software1
Ubuntu
Ubuntu
added 2007/08/20 10:37 p.m.45 views

USN-500-1: rsync vulnerability

Sebastian Krahmer discovered that rsync contained an off-by-one miscalculation when handling certain file paths. By creating a specially crafted tree of files and tricking an rsync server into processing them, a remote attacker could write a single NULL to stack memory, possibly leading to...

6.8CVSS8.7AI score0.03345EPSS
Exploits0
Rows per page
Query Builder