Vulnerability Details CVE-2004-0792
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.5%
CVSS Severity
CVSS v2 Score 6.4
References
- http://marc.info/?l=bugtraq&m=109268147522290&w=2
- http://marc.info/?l=bugtraq&m=109277141223839&w=2
- http://samba.org/rsync/#security_aug04
- http://www.debian.org/security/2004/dsa-538
- http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:083
- http://www.novell.com/linux/security/advisories/2004_26_rsync.html
- http://www.trustix.net/errata/2004/0042/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10561
- http://marc.info/?l=bugtraq&m=109268147522290&w=2
- http://marc.info/?l=bugtraq&m=109277141223839&w=2
- http://samba.org/rsync/#security_aug04
- http://www.debian.org/security/2004/dsa-538
- http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:083
- http://www.novell.com/linux/security/advisories/2004_26_rsync.html
- http://www.trustix.net/errata/2004/0042/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10561
Products affected by CVE-2004-0792
-
cpe:2.3:a:andrew_tridgell:rsync:2.3.1
-
cpe:2.3:a:andrew_tridgell:rsync:2.3.2
-
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2
-
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.3
-
cpe:2.3:a:andrew_tridgell:rsync:2.4.0
-
cpe:2.3:a:andrew_tridgell:rsync:2.4.1
-
cpe:2.3:a:andrew_tridgell:rsync:2.4.3
-
cpe:2.3:a:andrew_tridgell:rsync:2.4.4
-
cpe:2.3:a:andrew_tridgell:rsync:2.4.5
-
cpe:2.3:a:andrew_tridgell:rsync:2.4.6
-
cpe:2.3:a:andrew_tridgell:rsync:2.4.8
-
cpe:2.3:a:andrew_tridgell:rsync:2.5.0
-
cpe:2.3:a:andrew_tridgell:rsync:2.5.1
-
cpe:2.3:a:andrew_tridgell:rsync:2.5.2
-
cpe:2.3:a:andrew_tridgell:rsync:2.5.3
-
cpe:2.3:a:andrew_tridgell:rsync:2.5.4
-
cpe:2.3:a:andrew_tridgell:rsync:2.5.5
-
cpe:2.3:a:andrew_tridgell:rsync:2.5.6
-
cpe:2.3:a:andrew_tridgell:rsync:2.5.7
-
cpe:2.3:a:andrew_tridgell:rsync:2.6
-
cpe:2.3:a:andrew_tridgell:rsync:2.6.1
-
cpe:2.3:a:andrew_tridgell:rsync:2.6.2