Page 2 of 10 results (0.005 seconds)

CVSS: 7.8EPSS: 4%CPEs: 42EXPL: 0

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file. La función check_secret en authenticate.c en rsync 3.1.0 y anteriores permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de un nombre de usuario que no existe en el archivo de secretos. • http://advisories.mageia.org/MGASA-2015-0065.html http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html http://secunia.com/advisories/57948 http://www.mandriva.com/security/advisories?name=MDVSA-2015:131 http://www.openwall.com/lists/oss-security/2014/04/14/5 http://www.openwall.com/lists/oss-security/2014/04/15/1 http://www.ubuntu.com/usn/USN-2171-1 https://bugs.launchpad.net/ • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 8%CPEs: 33EXPL: 0

Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors. Desbordamiento de búfer en resync2.6.9 a 3.0.1, al activar el soporte de atributos extendidos (xattr), puede permitir a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://marc.info/?l=bugtraq&m=125017764422557&w=2 http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff http://samba.anu.edu.au/rsync/security.html#s3_0_2 http://secunia.com/advisories/29668 http://secunia.com/advisories/29770 http://secunia.com/advisories/29777 http://secunia.com/advisories/29781 http://secunia.com/advisories/29788 http://secunia.com/advisories/29856 http:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 2%CPEs: 40EXPL: 0

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options. Vulnerabilidad no especificada en rsync, en versiones anteriores a la 3.0.0pre6, cuando se ejecuta un demonio rsync en modo lectura-escritura. Permite que atacantes remotos vulneren exclude, exclude_from, y filter, además de poder leer y escribir archivos ocultos usando: (1) symlink, (2) partial-dir, (3) backup-dir, y (4) opciones dest sin especificar. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://rsync.samba.org/security.html#s3_0_0 http://secunia.com/advisories/27853 http://secunia.com/advisories/27863 http://secunia.com/advisories/28412 http://secunia.com/advisories/28457 http://secunia.com/advisories/31326 http://securitytracker.com/id?1019012 http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257 http://www. • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 2%CPEs: 40EXPL: 0

rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. rsync, en versiones anteriores a la 3.0.0pre6. Cuando se ejecuta un demonio rsync en modo lectura-escritura que no use chroot, se permite así que atacantes remotos accedan a ficheros de acceso restringido, usando vectores desconocidos que provocan que rsync cree un enlace simbólico que apunta fuera de la jerarquía de ficheros del módulo. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://rsync.samba.org/security.html#s3_0_0 http://secunia.com/advisories/27853 http://secunia.com/advisories/27863 http://secunia.com/advisories/28412 http://secunia.com/advisories/28457 http://secunia.com/advisories/31326 http://secunia.com/advisories/61005 http://securitytracker.com/id?1019012 http://support.f5.com/kb/en • CWE-16: Configuration •

CVSS: 6.8EPSS: 18%CPEs: 1EXPL: 0

Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. Múltiples errores de superación de límite (off-by-one) en sender.c de rsync 2.6.9 podría permitir a atacantes remotos ejecutar código de su elección mediante nombres de directorio que no son manejados adecuadamente al llamar a la función f_name. • http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908 http://c-skills.blogspot.com/2007/08/cve-2007-4091.html http://secunia.com/advisories/26493 http://secunia.com/advisories/26518 http://secunia.com/advisories/26537 http://secunia.com/advisories/26543 http://secunia.com/advisories/26548 http://secunia.com/advisories/26634 http://secunia.com/advisories/26822 http://secunia.com/advisories/26911 http://secunia.com/advisories/27896 http://secunia.com/advisor •