CVE-2007-6200
Date: (C)2007-12-01   (M)2023-12-22


Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1019012
http://www.securityfocus.com/archive/1/487991/100/0/threaded
BID-26639
SECUNIA-27853
SECUNIA-27863
SECUNIA-28412
SECUNIA-28457
SECUNIA-31326
ADV-2007-4057
ADV-2008-2268
APPLE-SA-2008-07-31
MDVSA-2008:011
RHSA-2011:0999
SUSE-SR:2008:001
http://rsync.samba.org/security.html#s3_0_0
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257

CPE    8
cpe:/o:slackware:slackware_linux:8.1
cpe:/o:slackware:slackware_linux:9.0
cpe:/o:slackware:slackware_linux:9.1
cpe:/o:slackware:slackware_linux:12.0
...
CWE    1
CWE-264
OVAL    4
oval:org.secpod.oval:def:301406
oval:org.secpod.oval:def:201646
oval:org.secpod.oval:def:500220
oval:org.secpod.oval:def:201551
...

© SecPod Technologies