This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Andrew Tridgell
Product: Rsync
Version: 2.4.0
Type: Application
First view: 2003-12-15
Last view: 2004-10-20
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:andrew_tridgell:rsync

Activity : Overall

Related : CVE

  Date Alert Description
6.4 2004-10-20 CVE-2004-0792

Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.

5 2004-07-07 CVE-2004-0426

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.

7.5 2003-12-15 CVE-2003-0962

Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.

Open Source Vulnerability Database (OSVDB)

id Description
8829 rsync sanitize_path() Arbitrary File Disclosure
5731 rsync Traversal Arbitrary File Creation
2898 rsync Unspecified Remote Heap Overflow

OpenVAS Exploits

id Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200312-03 (rsync)
File : nvt/glsa_200312_03.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200407-10 (rsync)
File : nvt/glsa_200407_10.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200408-17 (rsync)
File : nvt/glsa_200408_17.nasl
2008-09-04 Name : FreeBSD Ports: rsync
File : nvt/freebsd_rsync.nasl
2008-09-04 Name : FreeBSD Ports: rsync
File : nvt/freebsd_rsync0.nasl
2008-09-04 Name : FreeBSD Ports: rsync
File : nvt/freebsd_rsync1.nasl
2008-01-17 Name : Debian Security Advisory DSA 404-1 (rsync)
File : nvt/deb_404_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 499-1 (rsync)
File : nvt/deb_499_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 499-2 (rsync)
File : nvt/deb_499_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 538-1 (rsync)
File : nvt/deb_538_1.nasl
2005-11-03 Name : Apple SA 2003-12-19
File : nvt/apple-sa-2004-08-09.nasl
2005-11-03 Name : rsync path sanitation vulnerability
File : nvt/rsync_path_sanitation_vuln.nasl
0000-00-00 Name : Slackware Advisory SSA:2004-124-01 rsync update
File : nvt/esoft_slk_ssa_2004_124_01.nasl

Snort® IPS/IDS

Date Description
2014-01-10 rsync backup-dir directory traversal attempt
RuleID : 2561-community - Type : SERVER-OTHER - Revision : 8
2014-01-10 rsync backup-dir directory traversal attempt
RuleID : 2561 - Type : SERVER-OTHER - Revision : 8
2014-01-10 rsyncd overflow attempt
RuleID : 2048 - Type : MISC - Revision : 10

Nessus® Vulnerability Scanner

id Description
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_5729b8ed5d7511d880e30020ed76ef5a.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_73ea07069c5711d893660020ed76ef5a.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2004-285-01.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2004-124-01.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_2689f4cbec4c11d89440000347a4fa7d.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-404.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-499.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-538.nasl - Type: ACT_GATHER_INFO
2004-09-08 Name: The remote host is missing a Mac OS X update that fixes a security issue.
File: macosx_SecUpd20040907.nasl - Type: ACT_GATHER_INFO
2004-09-01 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2004-436.nasl - Type: ACT_GATHER_INFO
2004-08-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200408-17.nasl - Type: ACT_GATHER_INFO
2004-08-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200407-10.nasl - Type: ACT_GATHER_INFO
2004-08-22 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2004-083.nasl - Type: ACT_GATHER_INFO
2004-08-16 Name: Arbitrary files can be accessed from the remote host.
File: rsync_path_sanitation_vuln.nasl - Type: ACT_GATHER_INFO
2004-08-10 Name: The remote host is affected by a local privilege escalation vulnerability.
File: apple-sa-2004-08-09.nasl - Type: ACT_GATHER_INFO
2004-07-31 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2003-111.nasl - Type: ACT_GATHER_INFO
2004-07-31 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2004-042.nasl - Type: ACT_GATHER_INFO
2004-07-25 Name: The remote host is missing a vendor-supplied security patch
File: suse_SA_2003_050.nasl - Type: ACT_GATHER_INFO
2004-07-23 Name: The remote Fedora Core host is missing a security update.
File: fedora_2004-116.nasl - Type: ACT_GATHER_INFO
2004-07-23 Name: The remote Fedora Core host is missing a security update.
File: fedora_2003-030.nasl - Type: ACT_GATHER_INFO
2004-07-06 Name: The remote host is missing a Mac OS X security update.
File: macosx_SecUpd20031219.nasl - Type: ACT_GATHER_INFO
2004-07-06 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2003-399.nasl - Type: ACT_GATHER_INFO
2004-07-06 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2004-192.nasl - Type: ACT_GATHER_INFO
2004-05-06 Name: Arbitrary files may be overwritten on the remote host.
File: rsync_path_traversal.nasl - Type: ACT_GATHER_INFO
2003-12-04 Name: Arbitrary code can be run on the remote server.
File: rsync_heap_overflow.nasl - Type: ACT_GATHER_INFO