CVSS: 6.8EPSS: 18%CPEs: 1EXPL: 0CVE-2007-4091
https://notcve.org/view.php?id=CVE-2007-4091
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. Múltiples errores de superación de límite (off-by-one) en sender.c de rsync 2.6.9 podría permitir a atacantes remotos ejecutar código de su elección mediante nombres de directorio que no son manejados adecuadamente al llamar a la función f_name. • http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908 http://c-skills.blogspot.com/2007/08/cve-2007-4091.html http://secunia.com/advisories/26493 http://secunia.com/advisories/26518 http://secunia.com/advisories/26537 http://secunia.com/advisories/26543 http://secunia.com/advisories/26548 http://secunia.com/advisories/26634 http://secunia.com/advisories/26822 http://secunia.com/advisories/26911 http://secunia.com/advisories/27896 http://secunia.com/advisor •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0CVE-2006-2083
https://notcve.org/view.php?id=CVE-2006-2083
Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow. • http://samba.anu.edu.au/ftp/rsync/rsync-2.6.8-NEWS http://secunia.com/advisories/19920 http://secunia.com/advisories/19964 http://secunia.com/advisories/20011 http://www.gentoo.org/security/en/glsa/glsa-200605-05.xml http://www.securityfocus.com/bid/17788 http://www.trustix.org/errata/2006/0024 http://www.vupen.com/english/advisories/2006/1606 https://exchange.xforce.ibmcloud.com/vulnerabilities/26208 •
CVSS: 6.4EPSS: 0%CPEs: 27EXPL: 0CVE-2004-0792
https://notcve.org/view.php?id=CVE-2004-0792
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. Vulnerabilidad de atravesamiento de directorios en la función sanitize_path en util.c de rsync 2.6.2 y anteriores, cuando chroot está desactivado, permite a atacantes leer o escribir ciertos ficheros. • http://marc.info/?l=bugtraq&m=109268147522290&w=2 http://marc.info/?l=bugtraq&m=109277141223839&w=2 http://samba.org/rsync/#security_aug04 http://www.debian.org/security/2004/dsa-538 http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:083 http://www.novell.com/linux/security/advisories/2004_26_rsync.html http://www.trustix.net/errata/2004/0042 https://oval.cisecurity.org/repository/search/definitio •
CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 0CVE-2004-0426
https://notcve.org/view.php?id=CVE-2004-0426
rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path. rsync anteriores a 2.6.1 no limpia adecuadamente rutas cuando ejecuta un demonio de lectura y escritura sin usar chroot, lo que permite a atacantes remotos escribir ficheros fuera de la ruta del módulo. • http://marc.info/?l=bugtraq&m=108515912212018&w=2 http://rsync.samba.org http://secunia.com/advisories/11514 http://secunia.com/advisories/11515 http://secunia.com/advisories/11523 http://secunia.com/advisories/11537 http://secunia.com/advisories/11583 http://secunia.com/advisories/11669 http://secunia.com/advisories/11688 http://secunia.com/advisories/11993 http://secunia.com/advisories/12054 http://www.ciac.org/ciac/bulletins/o-134.shtml http://www.ciac.org& •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2004-2093 – rsync 2.5.7 - Local Stack Overflow / Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-2093
Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future. • https://www.exploit-db.com/exploits/152 http://archives.neohapsis.com/archives/vuln-dev/2004-q1/0091.html https://exchange.xforce.ibmcloud.com/vulnerabilities/15108 •