CVE-2007-4091 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-4091
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4091

Description: Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/36072 UBUNTU http://www.ubuntu.com/usn/usn-500-1 TRUSTIX http://www.trustix.org/errata/2007/0026/ SUSE http://www.novell.com/linux/security/advisories/2007_17_sr.html SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.481089 SAID Secunia Advisory: SA26543 Secunia Advisory: SA26634 Secunia Advisory: SA26548 Secunia Advisory: SA26537 Secunia Advisory: SA26518 Secunia Advisory: SA26493 Secunia Advisory: SA26822 Secunia Advisory: SA26911 Secunia Advisory: SA27896 GENTOO http://security.gentoo.org/glsa/glsa-200709-13.xml DEBIAN http://www.debian.org/security/2007/dsa-1360 CONFIRM http://c-skills.blogspot.com/2007/08/cve-2007-4091.html http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/477628/100/0/threaded BID 25336

Return to the previous page.