Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0792

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2004-0792
Last Modified 21 Aug 2010 12:21:17
Published 20 Oct 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0792

Summary

Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.

Vulnerable Systems

Application

  • Andrew Tridgell Rsync 2.3.1

  • Andrew Tridgell Rsync 2.3.2

  • Andrew Tridgell Rsync 2.3.2 1.2

  • Andrew Tridgell Rsync 2.3.2 1.3

  • Andrew Tridgell Rsync 2.4.0

  • Andrew Tridgell Rsync 2.4.1

  • Andrew Tridgell Rsync 2.4.3

  • Andrew Tridgell Rsync 2.4.4

  • Andrew Tridgell Rsync 2.4.5

  • Andrew Tridgell Rsync 2.4.6

  • Andrew Tridgell Rsync 2.4.8

  • Andrew Tridgell Rsync 2.5.0

  • Andrew Tridgell Rsync 2.5.1

  • Andrew Tridgell Rsync 2.5.2

  • Andrew Tridgell Rsync 2.5.3

  • Andrew Tridgell Rsync 2.5.4

  • Andrew Tridgell Rsync 2.5.5

  • Andrew Tridgell Rsync 2.5.6

  • Andrew Tridgell Rsync 2.5.7

  • Andrew Tridgell Rsync 2.6

  • Andrew Tridgell Rsync 2.6.1

  • Andrew Tridgell Rsync 2.6.2


References

GENTOO - GLSA-200408-17

DEBIAN - DSA-538

TRUSTIX - 2004-0042

SUSE - SUSE-SA:2004:026

CONFIRM - http://samba.org/rsync/#security_aug04

BUGTRAQ - 20040817 LNSA-#2004-0017: rsync (Aug, 17 2004)

BUGTRAQ - 20040816 TSSA-2004-020-ES - rsync

MANDRAKE - MDKSA-2004:083


Last Updated: 27 May 2016 10:38:46