CVE-2004-0426 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2004-0426
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-0426

Description: rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/16014 TRUSTIX http://www.trustix.net/errata/misc/2004/TSL-2004-0024-rsync.asc.txt SLACKWARE http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.403462 SAID Secunia Advisory: SA12054 Secunia Advisory: SA11993 Secunia Advisory: SA11688 Secunia Advisory: SA11523 Secunia Advisory: SA11537 Secunia Advisory: SA11583 Secunia Advisory: SA11669 Secunia Advisory: SA11514 Secunia Advisory: SA11515 REDHAT http://www.redhat.com/support/errata/RHSA-2004-192.html OVAL http://oval.mitre.org/oval/definitions/data/oval967.html MANDRAKE http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:042 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200407-10.xml DEBIAN http://www.debian.org/security/2004/dsa-499 CONFIRM http://rsync.samba.org/ CIAC http://www.ciac.org/ciac/bulletins/o-134.shtml http://www.ciac.org/ciac/bulletins/o-212.shtml BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=108515912212018&w=2 BID 10247

Return to the previous page.