2466 matches found
CVE-2006-2083
Integer overflow in the receive_xattr function in the extended attributes patch xattr.c for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow...
CVE-2006-2083
CVE-2006-2083 affects rsync before 2.6.8. An integer overflow in the receive_xattr function (xattr.c) with the extended attributes patch can trigger a buffer overflow, potentially allowing arbitrary code execution. Connected advisories confirm the issue and indicate upgrading to 2.6.8 (or applyin...
CVE-2006-1320
util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf...
CVE-2006-1320
Removed by vendor...
Mac OS X Multiple Vulnerabilities (Security Update 2006-002)
The remote host is running Apple Mac OS X, but lacks Security Update 2006-002. This security update contains fixes for the following applications: apache_mod_php, CoreTypes, LaunchServices, Mail, Safari, rsync.
CVE-2005-3712
CVE-2005-3712 is a heap-based buffer overflow in rsync affecting Mac OS X 10.4 through 10.4.5. The issue allows remote authenticated users to execute arbitrary code via long extended attributes. The Connected documents confirm the affected platform (Mac OS X 10.4.x) and component (rsync) with the...
CVE-2005-3712
Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes...
Mac OS X Multiple Vulnerabilities (Security Update 2006-001)
The remote host is running Apple Mac OS X, but lacks Security Update 2006-001. This security update contains fixes for the following applications: apache_mod_php, automount, Bom, Directory Services, iChat, IPSec, LaunchServices, LibSystem, loginwindow, Mail, rsync, Safari, Syndication.
GLSA-200512-17 : scponly: Multiple privilege escalation issues
The remote host is affected by the vulnerability described in GLSA-200512-17 (scponly: Multiple privilege escalation issues). Max Vozeler discovered that the scponlyc command allows users to chroot into arbitrary directories. Furthermore, Pekka Pessi reported that scponly insufficiently validates...
scponly -- local privilege escalation exploits
Max Vozeler reports: If ALL the following conditions are true, administrators using scponly-4.1 or older may be at risk of a local privilege escalation exploit: the chrooted setuid scponlyc binary is installed; regular non-scponly users have interactive shell access to the box; a user executable...
rsync path sanitation vulnerability
A vulnerability has been reported in rsync, which potentially can be exploited by malicious users to read or write arbitrary files on a vulnerable system. rsync is a software product for keeping files synched across multiple systems. Rsync is a network-based program and typically communicates ove...
Slackware 8.1 / 9.0 / 9.1 / current : rsync update (SSA:2004-124-01)
New rsync packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. When running an rsync server without the chroot option it is possible for an attacker to write outside of the allowed directory. Any sites running rsync in that mode should upgrade right away and...
Slackware 8.1 / 9.0 / 9.1 / current : rsync security update (SSA:2003-337-01)
Rsync is a file transfer client and server. A security problem which may lead to unauthorized machine access or code execution has been fixed by upgrading to rsync-2.5.7. This problem only affects machines running rsync in daemon mode, and is easier to exploit if the non-default option 'use chroo...
FreeBSD : rsync -- path sanitizing vulnerability (2689f4cb-ec4c-11d8-9440-000347a4fa7d)
An rsync security advisory reports: There is a path-sanitizing bug that affects daemon mode in all recent rsync versions including 2.6.2 but only if chroot is disabled. The bug may allow a remote user to access files outside of an rsync module's configured path with the privileges configured for...
Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : rsync (SSA:2004-285-01)
New rsync 2.6.3 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix a security issue when rsync is run as a non-chrooted server.
CVE-2004-2093
Buffer overflow in the open_socket_out function of rsync’s socket.c affects rsync 2.5.7 and earlier. A long RSYNC_PROXY environment variable can allow a local user to crash the process and potentially execute arbitrary code. Since rsync is not setuid, the impact is limited to privileges already a...