2466 matches found
CVE-2004-2093
Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional...
CVE-2004-2093
Buffer overflow in the open_socket_out function of rsync’s socket.c affects rsync 2.5.7 and earlier. A long RSYNC_PROXY environment variable can allow a local user to crash the process and potentially execute arbitrary code. Since rsync is not setuid, the impact is limited to privileges already a...
rsnapshot: Local privilege escalation
Background: rsnapshot is a filesystem snapshot utility based on rsync, allowing local and remote systems backups. Description: The copy_symlink subroutine in rsnapshot follows symlinks when changing file ownership, instead of changing the ownership of the symlink itself. Impact: Under certain...
[Full-disclosure] rsnapshot Security Advisory 001
============================================================================ rsnapshot Security Advisory 001 [email protected] http://www.rsnapshot.org/security/ Apr 10th, 2005 Nathan Rosenquist ============================================================================ Severity: high...
CVE-2004-0792
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files...
CVE-2004-0792
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal. Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. Remediation: There is no fixed version f...
CVE-2004-0792
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files...
DEBIAN-CVE-2004-0792
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files...
[slackware-security] rsync
New rsync 2.6.3 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix a security issue when rsync is run as a non-chrooted server. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:...
Debian DSA-404-1 : rsync - heap overflow
The rsync team has received evidence that a vulnerability in all versions of rsync prior to 2.5.7, a fast remote file copy program, was recently used in combination with a Linux kernel vulnerability to compromise the security of a public rsync server. While this heap overflow vulnerability could...
Debian DSA-106-2 : rsync - remote exploit
Sebastian Krahmer found several places in rsync (a popular tool to synchronise files between machines) where signed and unsigned numbers were mixed, which resulted in insecure code (see securityfocus.com). This could be abused by remote users to write 0-bytes in rsync's memory and trick rsync into...
Debian DSA-538-1 : rsync - unsanitised input processing
The rsync developers have discovered a security-related problem in rsync, a fast remote file copy program, which allows an attacker to access files outside of the defined directory. To exploit this path-sanitizing bug, rsync has to run in daemon mode with the chroot option being disabled. It does...
Debian DSA-499-2 : rsync - directory traversal
A vulnerability was discovered in rsync, a file transfer program, whereby a remote user could cause an rsync daemon to write files outside of the intended directory tree. This vulnerability is not exploitable when the daemon is configured with the 'chroot' option.
Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)
The remote host is missing Security Update 2004-09-07. This security update fixes the following components : - CoreFoundation - IPSec - Kerberos - libpcap - lukemftpd - NetworkConfig - OpenLDAP - OpenSSH - PPPDialer - rsync - Safari - tcpdump These applications contain multiple vulnerabilities th...
Moderate: Red Hat Security Advisory: rsync security update
An updated rsync package that fixes a path sanitizing bug is now available. The rsync program synchronizes files over a network. Versions of rsync up to and including version 2.6.2 contain a path sanitization issue. This issue could allow an attacker to read or write files outside of the rsync...
security flaw
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files...
RHEL 2.1 / 3 : rsync (RHSA-2004:436)
An updated rsync package that fixes a path sanitizing bug is now available. The rsync program synchronizes files over a network. Versions of rsync up to and including version 2.6.2 contain a path sanitization issue. This issue could allow an attacker to read or write files outside of the rsync...
GLSA-200407-10 : rsync: Directory traversal in rsync daemon
The remote host is affected by the vulnerability described in GLSA-200407-10 (rsync: Directory traversal in rsync daemon). When rsyncd is used without chroot ('use chroot = false' in the rsyncd.conf file), the paths sent by the client are not checked thoroughly enough. If rsyncd is used with read-writ...
GLSA-200408-17 : rsync: Potential information leakage
The remote host is affected by the vulnerability described in GLSA-200408-17 (rsync: Potential information leakage). The paths sent by the rsync client are not checked thoroughly enough. It does not affect the normal send/receive filenames that specify what files should be transferred. It does affec...