Vulnerabilities > CVE-2004-0792 - Unspecified vulnerability in Andrew Tridgell Rsync
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.
Vulnerable Configurations
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200408-17.NASL description The remote host is affected by the vulnerability described in GLSA-200408-17 (rsync: Potential information leakage) The paths sent by the rsync client are not checked thoroughly enough. It does not affect the normal send/receive filenames that specify what files should be transferred. It does affect certain option paths that cause auxiliary files to be read or written. Impact : When rsyncd is used without chroot ( last seen 2020-06-01 modified 2020-06-02 plugin id 14573 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/14573 title GLSA-200408-17 : rsync: Potential information leakage code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200408-17. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(14573); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:41"); script_cve_id("CVE-2004-0792"); script_xref(name:"GLSA", value:"200408-17"); script_name(english:"GLSA-200408-17 : rsync: Potential information leakage"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200408-17 (rsync: Potential information leakage) The paths sent by the rsync client are not checked thoroughly enough. It does not affect the normal send/receive filenames that specify what files should be transferred. It does affect certain option paths that cause auxiliary files to be read or written. Impact : When rsyncd is used without chroot ('use chroot = false' in the rsyncd.conf file), this vulnerability could allow the listing of arbitrary files outside module's path and allow file overwriting outside module's path on rsync server configurations that allows uploading. Both possibilities are exposed only when chroot option is disabled. Workaround : You should never set the rsync daemon to run with 'use chroot = false'." ); # http://samba.org/rsync/#security_aug04 script_set_attribute( attribute:"see_also", value:"https://rsync.samba.org/#security_aug04" ); # http://lists.samba.org/archive/rsync-announce/2004/000017.html script_set_attribute( attribute:"see_also", value:"https://lists.samba.org/archive/rsync-announce/2004/000017.html" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200408-17" ); script_set_attribute( attribute:"solution", value: "All users should update to the latest version of the rsync package. # emerge sync # emerge -pv '>=net-misc/rsync-2.6.0-r3' # emerge '>=net-misc/rsync-2.6.0-r3'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:rsync"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/08/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-misc/rsync", unaffected:make_list("ge 2.6.0-r3"), vulnerable:make_list("le 2.6.0-r2"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rsync"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-083.NASL description An advisory was sent out by the rsync team regarding a security vulnerability in all versions of rsync prior to and including 2.6.2. If rsync is running in daemon mode, and not in a chrooted environment, it is possible for a remote attacker to trick rsyncd into creating an absolute pathname while sanitizing it. This vulnerability allows a remote attacker to possibly read/write to/from files outside of the rsync directory. The updated packages are patched to prevent this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 14332 published 2004-08-22 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14332 title Mandrake Linux Security Advisory : rsync (MDKSA-2004:083) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2004:083. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14332); script_version ("1.18"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2004-0792"); script_xref(name:"MDKSA", value:"2004:083"); script_name(english:"Mandrake Linux Security Advisory : rsync (MDKSA-2004:083)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "An advisory was sent out by the rsync team regarding a security vulnerability in all versions of rsync prior to and including 2.6.2. If rsync is running in daemon mode, and not in a chrooted environment, it is possible for a remote attacker to trick rsyncd into creating an absolute pathname while sanitizing it. This vulnerability allows a remote attacker to possibly read/write to/from files outside of the rsync directory. The updated packages are patched to prevent this problem." ); script_set_attribute( attribute:"see_also", value:"http://samba.org/rsync/#security_aug04" ); script_set_attribute(attribute:"solution", value:"Update the affected rsync package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rsync"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2"); script_set_attribute(attribute:"patch_publication_date", value:"2004/08/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.0", reference:"rsync-2.6.0-1.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"rsync-2.5.7-0.3.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"rsync-2.5.7-0.3.92mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2004-285-01.NASL description New rsync 2.6.3 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to a fix security issue when rsync is run as a non-chrooted server. last seen 2020-06-01 modified 2020-06-02 plugin id 18780 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18780 title Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : rsync (SSA:2004-285-01) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2004-285-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(18780); script_version("1.18"); script_cvs_date("Date: 2019/10/25 13:36:20"); script_cve_id("CVE-2004-0792"); script_xref(name:"SSA", value:"2004-285-01"); script_name(english:"Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : rsync (SSA:2004-285-01)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New rsync 2.6.3 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to a fix security issue when rsync is run as a non-chrooted server." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.431578 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?847b3c34" ); script_set_attribute(attribute:"solution", value:"Update the affected rsync package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:rsync"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1"); script_set_attribute(attribute:"patch_publication_date", value:"2004/10/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"8.1", pkgname:"rsync", pkgver:"2.6.3", pkgarch:"i386", pkgnum:"1")) flag++; if (slackware_check(osver:"9.0", pkgname:"rsync", pkgver:"2.6.3", pkgarch:"i386", pkgnum:"1")) flag++; if (slackware_check(osver:"9.1", pkgname:"rsync", pkgver:"2.6.3", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"10.0", pkgname:"rsync", pkgver:"2.6.3", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"rsync", pkgver:"2.6.3", pkgarch:"i486", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family FreeBSD Local Security Checks NASL id FREEBSD_RSYNC_262_2.NASL description The remote host has an old version of rsync installed. There is a flaw in this version of rsync which, due to an input validation error, would allow a remote attacker to gain access to the remote system. An attacker, exploiting this flaw, would need network access to the TCP port. Successful exploitation requires that the rsync daemon is *not* running chroot. last seen 2016-09-26 modified 2011-10-02 plugin id 14386 published 2004-08-27 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=14386 title FreeBSD Ports : rsync < 2.6.2_2 code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated by freebsd_pkg_73ea07069c5711d893660020ed76ef5a.nasl. # # Disabled on 2011/10/01. # # (C) Tenable Network Security # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(14386); script_bugtraq_id(10938); script_version ("1.13"); script_cve_id("CVE-2004-0792"); name["english"] = "FreeBSD Ports : rsync < 2.6.2_2"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host has an old version of rsync installed. There is a flaw in this version of rsync which, due to an input validation error, would allow a remote attacker to gain access to the remote system. An attacker, exploiting this flaw, would need network access to the TCP port. Successful exploitation requires that the rsync daemon is *not* running chroot." ); script_set_attribute(attribute:"solution", value: "http://www.vuxml.org/freebsd/73ea0706-9c57-11d8-9366-0020ed76ef5a.html" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/27"); script_cvs_date("Date: 2018/07/20 0:18:52"); script_end_attributes(); summary["english"] = "Check for the version of the rsync package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); family["english"] = "FreeBSD Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/FreeBSD/pkg_info"); exit(0); } exit(0, "This plugin has been deprecated. Refer to plugin #38112 (freebsd_pkg_73ea07069c5711d893660020ed76ef5a.nasl) instead."); include("freebsd_package.inc"); pkgs = get_kb_item("Host/FreeBSD/pkg_info"); package = egrep(pattern:"^rsync-[0-2]", string:pkgs); if ( package && pkg_cmp(pkg:package, reference:"rsync-2.6.2_2") < 0 ) security_warning(0);NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-436.NASL description An updated rsync package that fixes a path sanitizing bug is now available. The rsync program synchronizes files over a network. Versions of rsync up to and including version 2.6.2 contain a path sanitization issue. This issue could allow an attacker to read or write files outside of the rsync directory. This vulnerability is only exploitable when an rsync server is enabled and is not running within a chroot. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0792 to this issue. Users of rsync are advised to upgrade to this updated package, which contains a backported patch and is not affected by this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 14623 published 2004-09-01 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/14623 title RHEL 2.1 / 3 : rsync (RHSA-2004:436) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2004:436. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(14623); script_version ("1.28"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2004-0792"); script_xref(name:"RHSA", value:"2004:436"); script_name(english:"RHEL 2.1 / 3 : rsync (RHSA-2004:436)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated rsync package that fixes a path sanitizing bug is now available. The rsync program synchronizes files over a network. Versions of rsync up to and including version 2.6.2 contain a path sanitization issue. This issue could allow an attacker to read or write files outside of the rsync directory. This vulnerability is only exploitable when an rsync server is enabled and is not running within a chroot. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0792 to this issue. Users of rsync are advised to upgrade to this updated package, which contains a backported patch and is not affected by this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0792" ); script_set_attribute( attribute:"see_also", value:"http://rsync.samba.org/#security_aug04" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2004:436" ); script_set_attribute(attribute:"solution", value:"Update the affected rsync package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rsync"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/20"); script_set_attribute(attribute:"patch_publication_date", value:"2004/09/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2004:436"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"rsync-2.5.7-3.21AS.1")) flag++; if (rpm_check(release:"RHEL3", reference:"rsync-2.5.7-5.3E")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rsync"); } }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-538.NASL description The rsync developers have discovered a security related problem in rsync, a fast remote file copy program, which offers an attacker to access files outside of the defined directory. To exploit this path-sanitizing bug, rsync has to run in daemon mode with the chroot option being disabled. It does not affect the normal send/receive filenames that specify what files should be transferred. It does affect certain option paths that cause auxiliary files to be read or written. last seen 2020-06-01 modified 2020-06-02 plugin id 15375 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15375 title Debian DSA-538-1 : rsync - unsanitised input processing NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_2689F4CBEC4C11D89440000347A4FA7D.NASL description An rsync security advisory reports : There is a path-sanitizing bug that affects daemon mode in all recent rsync versions (including 2.6.2) but only if chroot is disabled. The bug may allow a remote user to access files outside of an rsync module last seen 2020-06-01 modified 2020-06-02 plugin id 18874 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18874 title FreeBSD : rsync -- path sanitizing vulnerability (2689f4cb-ec4c-11d8-9440-000347a4fa7d) NASL family Gain a shell remotely NASL id RSYNC_PATH_SANITATION_VULN.NASL description An information disclosure vulnerability exists in rsync due to improper validation of user-supplied input to the sanitize_path() function. An unauthenticated, remote attacker can exploit this, via a specially crafted path, to generated an absolute filename in place of a relative filename, resulting the disclosure of arbitrary files. However, successful exploitation requires that the rsync daemon is not running chrooted. Note that since rsync does not advertise its version number and since there are few details about this flaw at this time, this might be a false positive. last seen 2020-06-01 modified 2020-06-02 plugin id 14223 published 2004-08-16 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14223 title rsync sanitize_path() Function Arbitrary File Disclosure
Oval
| accepted | 2013-04-29T04:06:42.344-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:10561 | ||||||||
| status | accepted | ||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||
| title | Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. | ||||||||
| version | 27 |
Redhat
| rpms |
|
References
- http://marc.info/?l=bugtraq&m=109268147522290&w=2
- http://marc.info/?l=bugtraq&m=109277141223839&w=2
- http://samba.org/rsync/#security_aug04
- http://www.debian.org/security/2004/dsa-538
- http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:083
- http://www.novell.com/linux/security/advisories/2004_26_rsync.html
- http://www.trustix.net/errata/2004/0042/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10561