Page 2 of 10 results (0.003 seconds)

CVSS: 10.0EPSS: 2%CPEs: 40EXPL: 0

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options. Vulnerabilidad no especificada en rsync, en versiones anteriores a la 3.0.0pre6, cuando se ejecuta un demonio rsync en modo lectura-escritura. Permite que atacantes remotos vulneren exclude, exclude_from, y filter, además de poder leer y escribir archivos ocultos usando: (1) symlink, (2) partial-dir, (3) backup-dir, y (4) opciones dest sin especificar. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://rsync.samba.org/security.html#s3_0_0 http://secunia.com/advisories/27853 http://secunia.com/advisories/27863 http://secunia.com/advisories/28412 http://secunia.com/advisories/28457 http://secunia.com/advisories/31326 http://securitytracker.com/id?1019012 http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257 http://www. • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 2%CPEs: 40EXPL: 0

rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. rsync, en versiones anteriores a la 3.0.0pre6. Cuando se ejecuta un demonio rsync en modo lectura-escritura que no use chroot, se permite así que atacantes remotos accedan a ficheros de acceso restringido, usando vectores desconocidos que provocan que rsync cree un enlace simbólico que apunta fuera de la jerarquía de ficheros del módulo. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://rsync.samba.org/security.html#s3_0_0 http://secunia.com/advisories/27853 http://secunia.com/advisories/27863 http://secunia.com/advisories/28412 http://secunia.com/advisories/28457 http://secunia.com/advisories/31326 http://secunia.com/advisories/61005 http://securitytracker.com/id?1019012 http://support.f5.com/kb/en • CWE-16: Configuration •

CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0

Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow. • http://samba.anu.edu.au/ftp/rsync/rsync-2.6.8-NEWS http://secunia.com/advisories/19920 http://secunia.com/advisories/19964 http://secunia.com/advisories/20011 http://www.gentoo.org/security/en/glsa/glsa-200605-05.xml http://www.securityfocus.com/bid/17788 http://www.trustix.org/errata/2006/0024 http://www.vupen.com/english/advisories/2006/1606 https://exchange.xforce.ibmcloud.com/vulnerabilities/26208 •

CVSS: 6.4EPSS: 0%CPEs: 27EXPL: 0

Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. Vulnerabilidad de atravesamiento de directorios en la función sanitize_path en util.c de rsync 2.6.2 y anteriores, cuando chroot está desactivado, permite a atacantes leer o escribir ciertos ficheros. • http://marc.info/?l=bugtraq&m=109268147522290&w=2 http://marc.info/?l=bugtraq&m=109277141223839&w=2 http://samba.org/rsync/#security_aug04 http://www.debian.org/security/2004/dsa-538 http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:083 http://www.novell.com/linux/security/advisories/2004_26_rsync.html http://www.trustix.net/errata/2004/0042 https://oval.cisecurity.org/repository/search/definitio •

CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 0

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path. rsync anteriores a 2.6.1 no limpia adecuadamente rutas cuando ejecuta un demonio de lectura y escritura sin usar chroot, lo que permite a atacantes remotos escribir ficheros fuera de la ruta del módulo. • http://marc.info/?l=bugtraq&m=108515912212018&w=2 http://rsync.samba.org http://secunia.com/advisories/11514 http://secunia.com/advisories/11515 http://secunia.com/advisories/11523 http://secunia.com/advisories/11537 http://secunia.com/advisories/11583 http://secunia.com/advisories/11669 http://secunia.com/advisories/11688 http://secunia.com/advisories/11993 http://secunia.com/advisories/12054 http://www.ciac.org/ciac/bulletins/o-134.shtml http://www.ciac.org& •