CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 2CVE-2022-29154 – rsync: remote arbitrary files write inside the directories of connecting peers
https://notcve.org/view.php?id=CVE-2022-29154
02 Aug 2022 — An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). Se ha detectado un p... • https://github.com/EgeBalci/CVE-2022-29154 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-5764 – Gentoo Linux Security Advisory 201805-04
https://notcve.org/view.php?id=CVE-2018-5764
17 Jan 2018 — The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. La función parse_arguments en options.c en rsync, en versiones anteriores a la 3.1.3, no evita los usos múltiples de --protect-args, lo que permite que atacantes remotos omitan un mecanismo de protección de saneamiento de argumentos. USN-3543-1 fixed vulnerabilities in rsync. This update provides the co... • http://www.securityfocus.com/bid/102803 •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2017-17434 – Ubuntu Security Notice USN-3506-1
https://notcve.org/view.php?id=CVE-2017-17434
06 Dec 2017 — The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions. El demonio en rsync 3.1.2 y 3.1.3-development en versiones anteriores a la 2017-11-03 no busc... • http://security.cucumberlinux.com/security/details.php?id=170 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15994
https://notcve.org/view.php?id=CVE-2017-15994
29 Oct 2017 — rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects. rsync 3.1.3-development en versiones anteriores al 24/10/2017 gestiona de manera incorrecta las sumas de verificación arcaicas, lo que hace que sea más fácil para los atacantes remotos omitir las restriccio... • https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.8EPSS: 3%CPEs: 42EXPL: 0CVE-2014-2855 – Ubuntu Security Notice USN-2171-1
https://notcve.org/view.php?id=CVE-2014-2855
23 Apr 2014 — The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file. La función check_secret en authenticate.c en rsync 3.1.0 y anteriores permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de un nombre de usuario que no existe en el archivo de secretos. Ryan Finnie discovered that rsync 3.1.0 contains a den... • http://advisories.mageia.org/MGASA-2015-0065.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 53%CPEs: 40EXPL: 0CVE-2007-6200 – rsync excluded content access restrictions bypass via symlinks
https://notcve.org/view.php?id=CVE-2007-6200
01 Dec 2007 — Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options. Vulnerabilidad no especificada en rsync, en versiones anteriores a la 3.0.0pre6, cuando se ejecuta un demonio rsync en modo lectura-escritura. Permite que atacantes remotos vulneren exclude, exclude_from, y filter, además de poder leer y ... • http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 1%CPEs: 40EXPL: 0CVE-2007-6199
https://notcve.org/view.php?id=CVE-2007-6199
01 Dec 2007 — rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. rsync, en versiones anteriores a la 3.0.0pre6. Cuando se ejecuta un demonio rsync en modo lectura-escritura que no use chroot, se permite así que atacantes remotos accedan a ficheros de acceso restringido, usando vectores desconocidos que provocan que rsync cree un enla... • http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html • CWE-16: Configuration •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2004-0792
https://notcve.org/view.php?id=CVE-2004-0792
18 Aug 2004 — Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. Vulnerabilidad de atravesamiento de directorios en la función sanitize_path en util.c de rsync 2.6.2 y anteriores, cuando chroot está desactivado, permite a atacantes leer o escribir ciertos ficheros. • http://marc.info/?l=bugtraq&m=109268147522290&w=2 •
CVSS: 9.1EPSS: 2%CPEs: 1EXPL: 0CVE-2004-0426
https://notcve.org/view.php?id=CVE-2004-0426
30 Apr 2004 — rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path. rsync anteriores a 2.6.1 no limpia adecuadamente rutas cuando ejecuta un demonio de lectura y escritura sin usar chroot, lo que permite a atacantes remotos escribir ficheros fuera de la ruta del módulo. • http://marc.info/?l=bugtraq&m=108515912212018&w=2 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2004-2093 – rsync 2.5.7 - Local Stack Overflow / Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-2093
09 Feb 2004 — Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future. • https://www.exploit-db.com/exploits/152 •