CVE

CVE-2007-6199
Date: (C)2007-12-01   (M)2023-12-22


rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1019012
http://www.securityfocus.com/archive/1/487991/100/0/threaded
BID-26638
SECUNIA-27853
SECUNIA-27863
SECUNIA-28412
SECUNIA-28457
SECUNIA-31326
SECUNIA-61005
ADV-2007-4057
ADV-2008-2268
APPLE-SA-2008-07-31
MDVSA-2008:011
SUSE-SR:2008:001
http://rsync.samba.org/security.html#s3_0_0
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257

CPE    8
cpe:/o:slackware:slackware_linux:8.1
cpe:/o:slackware:slackware_linux:9.0
cpe:/o:slackware:slackware_linux:9.1
cpe:/o:slackware:slackware_linux:12.0
...
CWE    1
CWE-16
OVAL    1
oval:org.secpod.oval:def:301406

© SecPod Technologies