2463 matches found
Mandrake Linux Security Advisory : rsync (MDKSA-2002:009)
Sebastian Krahmer of the SuSE Security Team performed an audit on the rsync tool and discovered that in several places signed and unsigned numbers were mixed, with the end result being insecure code. These flaws could be abused by remote users to write 0 bytes into rsync's memory and trick rsync...
SuSE-SA:2003:050: rsync
The remote host is missing the patch for the advisory SuSE-SA:2003:050 rsync. The rsync suite provides client and server tools to easily support an administrator keeping the files of different machines in sync. In most private networks the rsync client tool is used via SSH to fulfill its tasks. I...
Fedora Core 1 : rsync-2.5.7-2 (2003-030)
A heap overflow bug exists in rsync versions prior to 2.5.7. On machines where the rsync server has been enabled, a remote attacker could use this flaw to execute arbitrary code as an unprivileged user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name...
Fedora Core 1 : rsync-2.5.7-5.fc1 (2004-116)
Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot. This could allow a remote attacker to write files outside of the module's 'path', depending on the privileges assigned to the rsync daemon. Users not running an rsync daemon, running a...
rsync: Directory traversal in rsync daemon
Background: rsync is a utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens to connections from rsync clients. Description: When rsyncd is used...
CVE-2004-0426
rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path...
FreeBSD : rsync buffer overflow in server mode (167)
The following package needs to be updated: rsync %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg5729b8ed5d7511d880e30020ed76ef5a.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-20...
FreeBSD : rsync path traversal issue (168)
The following package needs to be updated: rsync %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg73ea07069c5711d893660020ed76ef5a.nasl. Disabled on 2011/10/01. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-20...
RHEL 2.1 / 3 : rsync (RHSA-2004:192)
An updated rsync package that fixes a directory traversal security flaw is now available. Rsync is a program for synchronizing files over a network. Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot. This could allow a remote attacker to wri...
RHEL 2.1 / 3 : rsync (RHSA-2003:399)
Updated rsync packages are now available that fix a heap overflow in the Rsync server. rsync is a program for synchronizing files over the network. A heap overflow bug exists in rsync versions prior to 2.5.7. On machines where the rsync server has been enabled, a remote attacker could use this fla...
[SECURITY] [DSA 499-2] New rsync packages fix directory traversal bug
Debian Security Advisory DSA 499-2 [email protected] http://www.debian.org/security/ Matt Zimmerman June 2nd, 2004 http://www.debian.org/security/faq ...
security flaw
rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path...
Important: Red Hat Security Advisory: rsync security update
An updated rsync package that fixes a directory traversal security flaw is now available. Rsync is a program for synchronizing files over a network. Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot. This could allow a remote attacker to wri...
rsync Traversal Arbitrary File Creation
The remote rsync server might be vulnerable to a path traversal issue. An attacker may use this flaw to gain access to arbitrary files hosted outside of a module directory. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(12230); script_version("1.15");...
rsync update
New rsync packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. When running an rsync server without the chroot option it is possible for an attacker to write outside of the allowed directory. Any sites running rsync in that mode should upgrade right away and...
[SECURITY] [DSA 499-1] New rsync packages fix directory traversal bug
Debian Security Advisory DSA 499-1 [email protected] http://www.debian.org/security/ Matt Zimmerman May 1st, 2004 http://www.debian.org/security/faq ...
[Full-Disclosure] [SECURITY] [DSA 499-1] New rsync packages fix directory traversal bug
Debian Security Advisory DSA 499-1 [email protected] http://www.debian.org/security/ Matt Zimmerman May 1st, 2004 http://www.debian.org/security/faq ...
DSA-499 rsync - directory traversal
Bulletin has no description...