Lucene search
K

2466 matches found

UbuntuCve
UbuntuCve
added 2006/04/28 9:2 p.m.28 views

CVE-2006-2083

Integer overflow in the receivexattr function in the extended attributes patch xattr.c for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow...

7.5CVSS6AI score0.03633EPSS
Exploits0References1
Prion
Prion
added 2006/04/28 9:2 p.m.19 views

Integer overflow

Integer overflow in the receivexattr function in the extended attributes patch xattr.c for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow...

7.5CVSS8.1AI score0.03633EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2006/04/28 9:0 p.m.26 views

CVE-2006-2083

Integer overflow in the receivexattr function in the extended attributes patch xattr.c for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow...

7.6AI score0.03633EPSS
Exploits0References9
CVE
CVE
added 2006/04/28 9:0 p.m.58 views

CVE-2006-2083

CVE-2006-2083 affects rsync before 2.6.8. An integer overflow in the receive_xattr function (xattr.c) with the extended attributes patch can trigger a buffer overflow, potentially allowing arbitrary code execution. Connected advisories confirm the issue and indicate upgrading to 2.6.8 (or applyin...

7.5CVSS7.5AI score0.03633EPSS
Exploits0References9Affected Software1
UbuntuCve
UbuntuCve
added 2006/03/20 11:2 a.m.20 views

CVE-2006-1320

util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf...

7.5CVSS5.9AI score0.01858EPSS
Exploits0References1
Cvelist
Cvelist
added 2006/03/20 11:0 a.m.20 views

CVE-2006-1320

util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf...

6.3AI score0.01858EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2006/03/20 11:0 a.m.13 views

CVE-2006-1320

Removed by vendor...

7.5CVSS6.7AI score0.01858EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/03/14 12:0 a.m.35 views

Mac OS X Multiple Vulnerabilities (Security Update 2006-002)

The remote host is running Apple Mac OS X, but lacks Security Update 2006-002. This security update contains fixes for the following applications : apachemodphp CoreTypes LaunchServices Mail Safari rsync C Tenable Network Security, Inc. include"compat.inc"; if description scriptid21073;...

7.5CVSS5.4AI score0.10835EPSS
Exploits1References6
CVE
CVE
added 2006/03/02 7:0 p.m.57 views

CVE-2005-3712

CVE-2005-3712 is a heap-based buffer overflow in rsync affecting Mac OS X 10.4 through 10.4.5. The issue allows remote authenticated users to execute arbitrary code via long extended attributes. The Connected documents confirm the affected platform (Mac OS X 10.4.x) and component (rsync) with the...

6.5CVSS7.8AI score0.03695EPSS
Exploits0References8Affected Software2
Cvelist
Cvelist
added 2006/03/02 7:0 p.m.21 views

CVE-2005-3712

Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes...

7.8AI score0.03695EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2006/03/02 12:0 a.m.43 views

Mac OS X Multiple Vulnerabilities (Security Update 2006-001)

The remote host is running Apple Mac OS X, but lacks Security Update 2006-001. This security update contains fixes for the following applications : apachemodphp automount Bom Directory Services iChat IPSec LaunchServices LibSystem loginwindow Mail rsync Safari Syndication C Tenable Network...

7.8CVSS8.3AI score0.58105EPSS
Exploits16References20
Tenable Nessus
Tenable Nessus
added 2005/12/30 12:0 a.m.16 views

GLSA-200512-17 : scponly: Multiple privilege escalation issues

The remote host is affected by the vulnerability described in GLSA-200512-17 scponly: Multiple privilege escalation issues Max Vozeler discovered that the scponlyc command allows users to chroot into arbitrary directories. Furthermore, Pekka Pessi reported that scponly insufficiently validates...

7.5CVSS5.9AI score0.01456EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2005/12/21 12:0 a.m.21 views

scponly -- local privilege escalation exploits

Max Vozeler reports: If ALL the following conditions are true, administrators using scponly-4.1 or older may be at risk of a local privilege escalation exploit: the chrooted setuid scponlyc binary is installed regular non-scponly users have interactive shell access to the box a user executable...

2AI score
Exploits0References2
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.24 views

rsync path sanitation vulnerability

A vulnerability has been reported in rsync, which potentially can be exploited by malicious users to read or write arbitrary files on a vulnerable system. rsync is a software product for keeping files synched across multiple systems. Rsync is a network-based program and typically communicates ove...

6.4CVSS0.2AI score0.02317EPSS
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.14 views

rsync path sanitation vulnerability

A vulnerability has been reported in rsync, which potentially can be exploited by malicious users to read or write arbitrary files on a vulnerable system. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

6.4CVSS6.2AI score0.02317EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2005/07/13 12:0 a.m.22 views

Slackware 8.1 / 9.0 / 9.1 / current : rsync update (SSA:2004-124-01)

New rsync packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. When running an rsync server without the chroot option it is possible for an attacker to write outside of the allowed directory. Any sites running rsync in that mode should upgrade right away and...

5CVSS5.3AI score0.03404EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2005/07/13 12:0 a.m.13 views

Slackware 8.1 / 9.0 / 9.1 / current : rsync security update (SSA:2003-337-01)

Rsync is a file transfer client and server. A security problem which may lead to unauthorized machine access or code execution has been fixed by upgrading to rsync-2.5.7. This problem only affects machines running rsync in daemon mode, and is easier to exploit if the non-default option 'use chroo...

6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2005/07/13 12:0 a.m.20 views

FreeBSD : rsync -- path sanitizing vulnerability (2689f4cb-ec4c-11d8-9440-000347a4fa7d)

An rsync security advisory reports : There is a path-sanitizing bug that affects daemon mode in all recent rsync versions including 2.6.2 but only if chroot is disabled. The bug may allow a remote user to access files outside of an rsync module's configured path with the privileges configured for...

6.4CVSS5.4AI score0.02317EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2005/07/13 12:0 a.m.19 views

Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : rsync (SSA:2004-285-01)

New rsync 2.6.3 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to a fix security issue when rsync is run as a non-chrooted server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware...

6.4CVSS5.3AI score0.02317EPSS
Exploits0References2
CVE
CVE
added 2005/05/19 4:0 a.m.35 views

CVE-2004-2093

Buffer overflow in the open_socket_out function of rsync’s socket.c affects rsync 2.5.7 and earlier. A long RSYNC_PROXY environment variable can allow a local user to crash the process and potentially execute arbitrary code. Since rsync is not setuid, the impact is limited to privileges already a...

4.6CVSS7.6AI score0.00998EPSS
Exploits0References2
Rows per page
Query Builder