CVE-2004-0792
CVE information
Description
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.
CVSSv2.0 Score
- Severity: Medium
- Base Score: 6.4/10
- Exploit Score: 10/10
- Access Vector: Network
- Access Complexity: Low
- Authentication Required: None
- Impact Score: 4.9/10
- Confidentiality Impact: Partial
- Availability Impact: None
- Integrity Impact: Partial
Products Affected
CPE | Affected | Vulnerable | Excluding |
---|---|---|---|
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:m68k:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:sparc:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.5.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.5.5:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:intel:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.3.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.5.2:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.4.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:alpha:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.3:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.6.2:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.4.6:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.4.8:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.5.7:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.5.4:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.4.5:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.6.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.5.3:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.3.2:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.6:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.4.4:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.5.6:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.5.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.4.3:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.4.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:ppc:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:arm:*:*:*:*:* | Yes | - | - |
References
- http://www.debian.org/security/2004/dsa-538
- http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml
- http://samba.org/rsync/#security_aug04
- http://www.novell.com/linux/security/advisories/2004_26_rsync.html
- http://www.trustix.net/errata/2004/0042/
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:083
- http://marc.info/?l=bugtraq&m=109277141223839&w=2
- http://marc.info/?l=bugtraq&m=109268147522290&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1