Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4091

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-4091
Last Modified 07 Mar 2011 09:57:45
Published 15 Aug 2007 08:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4091

Summary

Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.

Vulnerable Systems

Application

  • Rsync 2.6.9


References

VUPEN - ADV-2007-2915

BID - 25336

CONFIRM - http://c-skills.blogspot.com/2007/08/cve-2007-4091.html

CONFIRM - http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908

CONFIRM - https://issues.rpath.com/browse/RPL-1647

XF - rsync-fname-bo(36072)

UBUNTU - USN-500-1

TRUSTIX - 2007-0026

BUGTRAQ - 20070823 FLEA-2007-0047-1 rsync

SUSE - SUSE-SR:2007:017

DEBIAN - DSA-1360

SLACKWARE - SSA:2007-335-01

GENTOO - GLSA-200709-13

SECUNIA - 27896

SECUNIA - 26911

SECUNIA - 26822

SECUNIA - 26634

SECUNIA - 26548

SECUNIA - 26543

SECUNIA - 26537

SECUNIA - 26518

SECUNIA - 26493


Last Updated: 27 May 2016 10:45:46