2463 matches found

Tenable Nessus
added 2004/08/20 12:0 a.m. | 10 views

rsync < 2.5.2 Signedness Error Array Overflow

Binary data 1897.prm...

CVSS 10 | AI score 7.3 | EPSS 0.34016
Exploits: 0 | References: 1

Tenable Nessus
added 2004/08/20 12:0 a.m. | 20 views

rsync < 2.6.1 Traversal Arbitrary File Creation

Binary data 1216.prm...

CVSS 5 | AI score 7.3 | EPSS 0.03404
Exploits: 0 | References: 1

Tenable Nessus
added 2004/08/20 12:0 a.m. | 13 views

Rsync < 2.6.3 Sanitize_path Function Module Path Escaping

Binary data 1965.prm...

CVSS 6.4 | AI score 7.3 | EPSS 0.02317
Exploits: 0 | References: 1

Tenable Nessus
added 2004/08/20 12:0 a.m. | 10 views

Fedora Core 2 : rsync-2.6.2-1.fc2.0 (2004-269)

This update backports a security fix to a path-sanitizing flaw that affects rsync when it is used in daemon mode without also using chroot. For more information see http://samba.org/rsync/securityaug04 Note that Tenable Network Security has extracted the preceding description block directly from...

AI score 5.5
Exploits: 0 | References: 2

Tenable Nessus
added 2004/08/20 12:0 a.m. | 15 views

Fedora Core 1 : rsync-2.5.7-5.fc1.1 (2004-268)

This update backports a security fix to a path-sanitizing flaw that affects rsync when it is used in daemon mode without also using chroot. For more information see http://samba.org/rsync/securityaug04 Note that Tenable Network Security has extracted the preceding description block directly from...

AI score 5.5
Exploits: 0 | References: 2

Cvelist
added 2004/08/18 4:0 a.m. | 15 views

CVE-2004-0792

Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files...

AI score 6.1 | EPSS 0.02317
Exploits: 0 | References: 9

CVE
added 2004/08/18 4:0 a.m. | 98 views

CVE-2004-0792

CVE-2004-0792 describes a directory traversal in rsync 2.6.2 and earlier, via the sanitize_path function in util.c, when chroot is disabled. The vulnerability allows reading or writing certain files. Exploitation details are not provided in the documents beyond this description, and no remediatio...

CVSS 6.4 | AI score 6.1 | EPSS 0.02317
Exploits: 0 | References: 9 | Affected Software: 1

Debian CVE
added 2004/08/18 4:0 a.m. | 17 views

CVE-2004-0792

Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files...

CVSS 6.4 | AI score 6.3 | EPSS 0.02317
Exploits: 0

Debian
added 2004/08/17 7:6 a.m. | 12 views

[SECURITY] [DSA 538-1] New rsync packages fix unauthorised directory traversal and file access

-------------------------------------------------------------------------- Debian Security Advisory DSA 538-1 [email protected] http://www.debian.org/security/ Martin Schulze August 17th, 2004 http://www.debian.org/security/faq -...

AI score 1.2
Exploits: 0

Debian
added 2004/08/17 7:6 a.m. | 22 views

[SECURITY] [DSA 538-1] New rsync packages fix unauthorised directory traversal and file access

-------------------------------------------------------------------------- Debian Security Advisory DSA 538-1 [email protected] http://www.debian.org/security/ Martin Schulze August 17th, 2004 http://www.debian.org/security/faq -...

AI score 6.9
Exploits: 0

Gentoo Linux
added 2004/08/17 12:0 a.m. | 27 views

rsync: Potential information leakage

Background rsync is a utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens to connections from rsync clients. Description The paths sent by t...

CVSS 6.4 | AI score 6.3 | EPSS 0.02317
Exploits: 0

securityvulns
added 2004/08/17 12:0 a.m. | 29 views

rsync directory traversal

It's possible to bypass directory traversal protection by adding a few slashes to the path...

AI score 3.1
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2004/08/17 12:0 a.m. | 21 views

DSA-538 rsync - unauthorised directory traversal and file access

Bulletin has no description...

CVSS 6.4 | AI score 6 | EPSS 0.02317
Exploits: 0

securityvulns
added 2004/08/17 12:0 a.m. | 26 views

August 2004 Security Advisory

August 2004 Security Advisory August 12th, 2004 Background There is a path-sanitizing bug that affects daemon mode in all recent rsync versions including 2.6.2 but only if chroot is disabled. It does NOT affect the normal send/receive filenames that specify what files should be transferred this i...

AI score 2.1
Exploits: 0

Tenable Nessus
added 2004/08/16 12:0 a.m. | 22 views

rsync sanitize_path() Function Arbitrary File Disclosure

An information disclosure vulnerability exists in rsync due to improper validation of user-supplied input to the sanitize_path function. An unauthenticated, remote attacker can exploit this, via a specially crafted path, to generate an absolute filename in place of a relative filename, resulting...

CVSS 6.4 | AI score 5.8 | EPSS 0.02317
Exploits: 0 | References: 1

Tenable Nessus
added 2004/08/16 12:0 a.m. | 19 views

SUSE-SA:2004:026: rsync

The remote host is missing the patch for the advisory SUSE-SA:2004:026 rsync. The rsync-team released an advisory about a security problem in rsync. If rsync is running in daemon-mode and without a chroot environment it is possible for a remote attacker to trick rsyncd into creating an absolute...

AI score 5.6
Exploits: 0

FreeBSD
added 2004/08/12 12:0 a.m. | 35 views

rsync -- path sanitizing vulnerability

An rsync security advisory reports: There is a path-sanitizing bug that affects daemon mode in all recent rsync versions including 2.6.2 but only if chroot is disabled. The bug may allow a remote user to access files outside of an rsync module's configured path with the privileges configured for...

CVSS 6.4 | AI score 6.4 | EPSS 0.02317
Exploits: 0 | References: 4

Tenable Nessus
added 2004/07/31 12:0 a.m. | 23 views

Mandrake Linux Security Advisory : rsync (MDKSA-2004:042)

Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, allowing remote attackers to write files outside of the module's path. The updated packages provide a patched rsync to correct this problem...

CVSS 5 | AI score 5.4 | EPSS 0.03404
Exploits: 0 | References: 2

Tenable Nessus
added 2004/07/31 12:0 a.m. | 33 views

Mandrake Linux Security Advisory : rsync (MDKSA-2003:111)

A vulnerability was discovered in all versions of rsync prior to 2.5.7 that was recently used in conjunction with the Linux kernel do_brk vulnerability to compromise a public rsync server. This heap overflow vulnerability, by itself, cannot yield root access, however it does allow arbitrary code...

CVSS 7.5 | AI score 6 | EPSS 0.21157
Exploits: 1 | References: 2

Tenable Nessus
added 2004/07/31 12:0 a.m. | 36 views

Mandrake Linux Security Advisory : rsync (MDKSA-2002:024)

Ethan Benson discovered a bug in rsync where the supplementary groups that the rsync daemon runs as (such as root) would not be removed from the server process after changing to the specified unprivileged uid and gid. This seems only serious if rsync is called using 'rsync --daemon' from the comman...

CVSS 9.8 | AI score 8.2 | EPSS 0.09511
Exploits: 0 | References: 3