rsync < 2.5.2 Signedness Error Array Overflow
rsync < 2.6.1 Traversal Arbitrary File Creation
Rsync < 2.6.3 Sanitize_path Function Module Path Escaping
Fedora Core 2 : rsync-2.6.2-1.fc2.0 (2004-269)
This update backports a security fix to a path-sanitizing flaw that affects rsync when it is used in daemon mode without also using chroot. For more information see http://samba.org/rsync/securityaug04 Note that Tenable Network Security has extracted the preceding description block directly from...
Fedora Core 1 : rsync-2.5.7-5.fc1.1 (2004-268)
This update backports a security fix to a path-sanitizing flaw that affects rsync when it is used in daemon mode without also using chroot. For more information see http://samba.org/rsync/securityaug04 Note that Tenable Network Security has extracted the preceding description block directly from...
CVE-2004-0792
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files...
CVE-2004-0792
CVE-2004-0792 describes a directory traversal in rsync 2.6.2 and earlier, via the sanitize_path function in util.c, when chroot is disabled. The vulnerability allows reading or writing certain files. Exploitation details are not provided in the documents beyond this description, and no remediatio...
[SECURITY] [DSA 538-1] New rsync packages fix unauthorised directory traversal and file access
Debian Security Advisory DSA 538-1, http://www.debian.org/security/, Martin Schulze, August 17th, 2004, http://www.debian.org/security/faq ...
rsync: Potential information leakage
Background: rsync is a utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens to connections from rsync clients. Description: The paths sent by t...
rsync directory traversal
It's possible to bypass directory traversal protection by adding a few slashes to the path...
DSA-538 rsync - unauthorised directory traversal and file access
Bulletin has no description...
August 2004 Security Advisory
August 2004 Security Advisory, August 12th, 2004. Background: There is a path-sanitizing bug that affects daemon mode in all recent rsync versions including 2.6.2 but only if chroot is disabled. It does NOT affect the normal send/receive filenames that specify what files should be transferred this i...
rsync sanitize_path() Function Arbitrary File Disclosure
An information disclosure vulnerability exists in rsync due to improper validation of user-supplied input to the sanitize_path function. An unauthenticated, remote attacker can exploit this, via a specially crafted path, to generate an absolute filename in place of a relative filename, resulting...
SUSE-SA:2004:026: rsync
The remote host is missing the patch for the advisory SUSE-SA:2004:026 rsync. The rsync-team released an advisory about a security problem in rsync. If rsync is running in daemon-mode and without a chroot environment it is possible for a remote attacker to trick rsyncd into creating an absolute...
rsync -- path sanitizing vulnerability
An rsync security advisory reports: There is a path-sanitizing bug that affects daemon mode in all recent rsync versions including 2.6.2 but only if chroot is disabled. The bug may allow a remote user to access files outside of an rsync module's configured path with the privileges configured for...
Mandrake Linux Security Advisory : rsync (MDKSA-2004:042)
Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, allowing remote attackers to write files outside of the module's path. The updated packages provide a patched rsync to correct this problem.
Mandrake Linux Security Advisory : rsync (MDKSA-2003:111)
A vulnerability was discovered in all versions of rsync prior to 2.5.7 that was recently used in conjunction with the Linux kernel do_brk vulnerability to compromise a public rsync server. This heap overflow vulnerability, by itself, cannot yield root access, however it does allow arbitrary code...
Mandrake Linux Security Advisory : rsync (MDKSA-2002:024)
Ethan Benson discovered a bug in rsync where the supplementary groups that the rsync daemon runs as, such as root, would not be removed from the server process after changing to the specified unprivileged uid and gid. This seems only serious if rsync is called using 'rsync --daemon' from the comman...