Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0426

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0426
Last Modified 21 Aug 2010 12:20:27
Published 07 Jul 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0426

Summary

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.

Vulnerable Systems

Application

  • Andrew Tridgell Rsync 2.6


References

REDHAT - RHSA-2004:192

DEBIAN - DSA-499

BUGTRAQ - 20040521 [OpenPKG-SA-2004.025] OpenPKG Security Advisory (rsync)

XF - rsync-write-files(16014)

TRUSTIX - TSL-2004-0024

SLACKWARE - SSA:2004-124-01

BID - 10247

GENTOO - GLSA-200407-10

CIAC - O-212

CIAC - O-134

SECUNIA - 12054

SECUNIA - 11993

SECUNIA - 11688

SECUNIA - 11669

SECUNIA - 11583

SECUNIA - 11537

SECUNIA - 11523

SECUNIA - 11515

SECUNIA - 11514

CONFIRM - http://rsync.samba.org/

MANDRAKE - MDKSA-2004:042


Last Updated: 27 May 2016 10:38:36