Summary
Detail | |||
---|---|---|---|
Vendor | Andrew Tridgell | First view | 2003-12-15 |
Product | Rsync | Last view | 2004-10-20 |
Version | 2.4.0 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:andrew_tridgell:rsync |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.4 | 2004-10-20 | CVE-2004-0792 | Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. |
5 | 2004-07-07 | CVE-2004-0426 | rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path. |
7.5 | 2003-12-15 | CVE-2003-0962 | Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail. |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
8829 | rsync sanitize_path() Arbitrary File Dislcosure |
5731 | rsync Traversal Arbitrary File Creation |
2898 | rsync Unspecified Remote Heap Overflow |
OpenVAS Exploits
id | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200312-03 (rsync) File : nvt/glsa_200312_03.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200407-10 (rsync) File : nvt/glsa_200407_10.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200408-17 (rsync) File : nvt/glsa_200408_17.nasl |
2008-09-04 | Name : FreeBSD Ports: rsync File : nvt/freebsd_rsync.nasl |
2008-09-04 | Name : FreeBSD Ports: rsync File : nvt/freebsd_rsync0.nasl |
2008-09-04 | Name : FreeBSD Ports: rsync File : nvt/freebsd_rsync1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 404-1 (rsync) File : nvt/deb_404_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 499-1 (rsync) File : nvt/deb_499_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 499-2 (rsync) File : nvt/deb_499_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 538-1 (rsync) File : nvt/deb_538_1.nasl |
2005-11-03 | Name : Apple SA 2003-12-19 File : nvt/apple-sa-2004-08-09.nasl |
2005-11-03 | Name : rsync path sanitation vulnerability File : nvt/rsync_path_sanitation_vuln.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2004-124-01 rsync update File : nvt/esoft_slk_ssa_2004_124_01.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | rsync backup-dir directory traversal attempt RuleID : 2561-community - Type : SERVER-OTHER - Revision : 8 |
2014-01-10 | rsync backup-dir directory traversal attempt RuleID : 2561 - Type : SERVER-OTHER - Revision : 8 |
2014-01-10 | rsyncd overflow attempt RuleID : 2048 - Type : MISC - Revision : 10 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_5729b8ed5d7511d880e30020ed76ef5a.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_73ea07069c5711d893660020ed76ef5a.nasl - Type: ACT_GATHER_INFO |
2005-07-13 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2004-285-01.nasl - Type: ACT_GATHER_INFO |
2005-07-13 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2004-124-01.nasl - Type: ACT_GATHER_INFO |
2005-07-13 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_2689f4cbec4c11d89440000347a4fa7d.nasl - Type: ACT_GATHER_INFO |
2004-09-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-404.nasl - Type: ACT_GATHER_INFO |
2004-09-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-499.nasl - Type: ACT_GATHER_INFO |
2004-09-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-538.nasl - Type: ACT_GATHER_INFO |
2004-09-08 | Name: The remote host is missing a Mac OS X update that fixes a security issue. File: macosx_SecUpd20040907.nasl - Type: ACT_GATHER_INFO |
2004-09-01 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2004-436.nasl - Type: ACT_GATHER_INFO |
2004-08-30 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200408-17.nasl - Type: ACT_GATHER_INFO |
2004-08-30 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200407-10.nasl - Type: ACT_GATHER_INFO |
2004-08-22 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2004-083.nasl - Type: ACT_GATHER_INFO |
2004-08-16 | Name: Arbitrary files can be accessed from the remote host. File: rsync_path_sanitation_vuln.nasl - Type: ACT_GATHER_INFO |
2004-08-10 | Name: The remote host is affected by a local privilege escalation vulnerability. File: apple-sa-2004-08-09.nasl - Type: ACT_GATHER_INFO |
2004-07-31 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2003-111.nasl - Type: ACT_GATHER_INFO |
2004-07-31 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2004-042.nasl - Type: ACT_GATHER_INFO |
2004-07-25 | Name: The remote host is missing a vendor-supplied security patch File: suse_SA_2003_050.nasl - Type: ACT_GATHER_INFO |
2004-07-23 | Name: The remote Fedora Core host is missing a security update. File: fedora_2004-116.nasl - Type: ACT_GATHER_INFO |
2004-07-23 | Name: The remote Fedora Core host is missing a security update. File: fedora_2003-030.nasl - Type: ACT_GATHER_INFO |
2004-07-06 | Name: The remote host is missing a Mac OS X security update. File: macosx_SecUpd20031219.nasl - Type: ACT_GATHER_INFO |
2004-07-06 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2003-399.nasl - Type: ACT_GATHER_INFO |
2004-07-06 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2004-192.nasl - Type: ACT_GATHER_INFO |
2004-05-06 | Name: Arbitrary files may be overwritten on the remote host. File: rsync_path_traversal.nasl - Type: ACT_GATHER_INFO |
2003-12-04 | Name: Arbitrary code can be run on the remote server. File: rsync_heap_overflow.nasl - Type: ACT_GATHER_INFO |