Lucene search

2466 matches found

Cvelist
added 2005/05/19 4:0 a.m. | 17 views

CVE-2004-2093

Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional...

AI score: 7.6 | EPSS: 0.00998
Exploits: 0 | References: 2
CVE
added 2005/05/19 4:0 a.m. | 35 views

CVE-2004-2093

Buffer overflow in the open_socket_out function of rsync’s socket.c affects rsync 2.5.7 and earlier. A long RSYNC_PROXY environment variable can allow a local user to crash the process and potentially execute arbitrary code. Since rsync is not setuid, the impact is limited to privileges already a...

CVSS: 4.6 | AI score: 7.6 | EPSS: 0.00998
Exploits: 0 | References: 2
Gentoo Linux
added 2005/04/13 12:0 a.m. | 19 views

rsnapshot: Local privilege escalation

Background: rsnapshot is a filesystem snapshot utility based on rsync, allowing local and remote systems backups. Description: The copy_symlink subroutine in rsnapshot follows symlinks when changing file ownership, instead of changing the ownership of the symlink itself. Impact: Under certain...

CVSS: 4.6 | AI score: 6.4 | EPSS: 0.0036
Exploits: 0
securityvulns
added 2005/04/11 12:0 a.m. | 35 views

[Full-disclosure] rsnapshot Security Advisory 001

rsnapshot Security Advisory 001 | [email protected] | http://www.rsnapshot.org/security/ | Apr 10th, 2005 | Nathan Rosenquist | Severity: high...

AI score: 0.7
Exploits: 0
NVD
added 2004/10/20 4:0 a.m. | 9 views

CVE-2004-0792

Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files...

CVSS: 6.4 | AI score: 6.3 | EPSS: 0.02317
Exploits: 0 | References: 9
UbuntuCve
added 2004/10/20 4:0 a.m. | 25 views

CVE-2004-0792

Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.02317
Exploits: 0 | References: 1
Snyk
added 2004/10/20 4:0 a.m. | 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal. Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. Remediation: There is no fixed version f...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.02317
Exploits: 0 | References: 2
OSV
added 2004/10/20 4:0 a.m. | 7 views

CVE-2004-0792

Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files...

AI score: 6.2
Exploits: 0 | References: 11
OSV
added 2004/10/20 4:0 a.m. | 2 views

DEBIAN-CVE-2004-0792

Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files...

CVSS: 6.4 | AI score: 6.9 | EPSS: 0.02317
Exploits: 0 | References: 1
Slackware Linux
added 2004/10/12 7:33 a.m. | 18 views

[slackware-security] rsync

New rsync 2.6.3 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix a security issue when rsync is run as a non-chrooted server. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:...

AI score: 6.8
Exploits: 0
Tenable Nessus
added 2004/09/29 12:0 a.m. | 28 views

Debian DSA-404-1 : rsync - heap overflow

The rsync team has received evidence that a vulnerability in all versions of rsync prior to 2.5.7, a fast remote file copy program, was recently used in combination with a Linux kernel vulnerability to compromise the security of a public rsync server. While this heap overflow vulnerability could...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.21157
Exploits: 1 | References: 3
Tenable Nessus
added 2004/09/29 12:0 a.m. | 43 views

Debian DSA-106-2 : rsync - remote exploit

Sebastian Krahmer found several places in rsync (a popular tool to synchronise files between machines) where signed and unsigned numbers were mixed, which resulted in insecure code (see securityfocus.com). This could be abused by remote users to write 0-bytes in rsync's memory and trick rsync into...

CVSS: 10 | AI score: 5.8 | EPSS: 0.34016
Exploits: 0 | References: 4
Tenable Nessus
added 2004/09/29 12:0 a.m. | 18 views

Debian DSA-538-1 : rsync - unsanitised input processing

The rsync developers have discovered a security-related problem in rsync, a fast remote file copy program, which allows an attacker to access files outside of the defined directory. To exploit this path-sanitizing bug, rsync has to run in daemon mode with the chroot option being disabled. It does...

CVSS: 6.4 | AI score: 5.5 | EPSS: 0.02317
Exploits: 0 | References: 3
Tenable Nessus
added 2004/09/29 12:0 a.m. | 28 views

Debian DSA-499-2 : rsync - directory traversal

A vulnerability was discovered in rsync, a file transfer program, whereby a remote user could cause an rsync daemon to write files outside of the intended directory tree. This vulnerability is not exploitable when the daemon is configured with the 'chroot' option.

CVSS: 5 | AI score: 5.5 | EPSS: 0.03404
Exploits: 0 | References: 2
Tenable Nessus
added 2004/09/08 12:0 a.m. | 65 views

Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)

The remote host is missing Security Update 2004-09-07. This security update fixes the following components: CoreFoundation, IPSec, Kerberos, libpcap, lukemftpd, NetworkConfig, OpenLDAP, OpenSSH, PPPDialer, rsync, Safari, tcpdump. These applications contain multiple vulnerabilities th...

CVSS: 10 | AI score: 8.1 | EPSS: 0.84784
Exploits: 6 | References: 18
RedHat Linux
added 2004/09/01 6:54 p.m. | 27 views

Moderate: Red Hat Security Advisory: rsync security update

An updated rsync package that fixes a path sanitizing bug is now available. The rsync program synchronizes files over a network. Versions of rsync up to and including version 2.6.2 contain a path sanitization issue. This issue could allow an attacker to read or write files outside of the rsync...

CVSS: 6.4 | AI score: 5.7 | EPSS: 0.02317
Exploits: 0 | References: 3
RedHat Linux
added 2004/09/01 6:54 p.m. | 5 views

security flaw

Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.02317
Exploits: 0 | References: 4
Tenable Nessus
added 2004/09/01 12:0 a.m. | 23 views

RHEL 2.1 / 3 : rsync (RHSA-2004:436)

An updated rsync package that fixes a path sanitizing bug is now available. The rsync program synchronizes files over a network. Versions of rsync up to and including version 2.6.2 contain a path sanitization issue. This issue could allow an attacker to read or write files outside of the rsync...

CVSS: 6.4 | AI score: 5.3 | EPSS: 0.02317
Exploits: 0 | References: 4
Tenable Nessus
added 2004/08/30 12:0 a.m. | 22 views

GLSA-200407-10 : rsync: Directory traversal in rsync daemon

The remote host is affected by the vulnerability described in GLSA-200407-10 (rsync: Directory traversal in rsync daemon). When rsyncd is used without chroot ('use chroot = false' in the rsyncd.conf file), the paths sent by the client are not checked thoroughly enough. If rsyncd is used with read-writ...

CVSS: 5 | AI score: 5.6 | EPSS: 0.03404
Exploits: 0 | References: 2
Tenable Nessus
added 2004/08/30 12:0 a.m. | 22 views

GLSA-200408-17 : rsync: Potential information leakage

The remote host is affected by the vulnerability described in GLSA-200408-17 (rsync: Potential information leakage). The paths sent by the rsync client are not checked thoroughly enough. It does not affect the normal send/receive filenames that specify what files should be transferred. It does affec...

CVSS: 6.4 | AI score: 5.7 | EPSS: 0.02317
Exploits: 0 | References: 4