6 results (0.003 seconds)

CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0

Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow. • http://samba.anu.edu.au/ftp/rsync/rsync-2.6.8-NEWS http://secunia.com/advisories/19920 http://secunia.com/advisories/19964 http://secunia.com/advisories/20011 http://www.gentoo.org/security/en/glsa/glsa-200605-05.xml http://www.securityfocus.com/bid/17788 http://www.trustix.org/errata/2006/0024 http://www.vupen.com/english/advisories/2006/1606 https://exchange.xforce.ibmcloud.com/vulnerabilities/26208 •

CVSS: 6.4EPSS: 0%CPEs: 27EXPL: 0

Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. Vulnerabilidad de atravesamiento de directorios en la función sanitize_path en util.c de rsync 2.6.2 y anteriores, cuando chroot está desactivado, permite a atacantes leer o escribir ciertos ficheros. • http://marc.info/?l=bugtraq&m=109268147522290&w=2 http://marc.info/?l=bugtraq&m=109277141223839&w=2 http://samba.org/rsync/#security_aug04 http://www.debian.org/security/2004/dsa-538 http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:083 http://www.novell.com/linux/security/advisories/2004_26_rsync.html http://www.trustix.net/errata/2004/0042 https://oval.cisecurity.org/repository/search/definitio •

CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 0

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path. rsync anteriores a 2.6.1 no limpia adecuadamente rutas cuando ejecuta un demonio de lectura y escritura sin usar chroot, lo que permite a atacantes remotos escribir ficheros fuera de la ruta del módulo. • http://marc.info/?l=bugtraq&m=108515912212018&w=2 http://rsync.samba.org http://secunia.com/advisories/11514 http://secunia.com/advisories/11515 http://secunia.com/advisories/11523 http://secunia.com/advisories/11537 http://secunia.com/advisories/11583 http://secunia.com/advisories/11669 http://secunia.com/advisories/11688 http://secunia.com/advisories/11993 http://secunia.com/advisories/12054 http://www.ciac.org/ciac/bulletins/o-134.shtml http://www.ciac.org& •

CVSS: 7.5EPSS: 35%CPEs: 31EXPL: 0

Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail. Desbordamiento de búfer en el montón en rsync anteriores a 2.5.7, cuando se ejecuta en modo servidor, permite a atacantes remotos ejecutar código arbitrario y posiblemente escapar del confinamiento chroot. • ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794 http://marc.info/?l=bugtraq&m=107055681311602&w=2 http://marc.info/?l=bugtraq&m=107055684711629&w=2 http://marc.info/?l=bugtraq&m=107055702911867&w=2 http://marc.info/? •

CVSS: 10.0EPSS: 91%CPEs: 14EXPL: 3

Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server. Errores de mezclado de números con y sin signo en las funciones I/O de rsync, versiones 2.4.6, 2.3.2 y otras versiones, permite que atacantes remotos provoquen una denegación de servicio y ejecuten código arbitrario en el cliente o servidor rsync. • https://www.exploit-db.com/exploits/398 https://www.exploit-db.com/exploits/399 https://www.exploit-db.com/exploits/21242 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:10.rsync.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000458 http://lists.suse.com/archives/suse-security-announce/2002-Jan/0003.html http://marc.info/?l=bugtraq&m=101223214906963&w=2 http://marc.info/?l=bugtraq&m=101223603321315&w=2 http://online.securityfocus.co •