Search criteria
4 vulnerabilities by rsync
CVE-2025-10158 (GCVE-0-2025-10158)
Vulnerability from cvelistv5 – Published: 2025-11-18 14:24 – Updated: 2025-11-19 16:48
VLAI?
Summary
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The
malicious
rsync client requires at least read access to the remote rsync module in order to trigger the issue.
Severity ?
4.3 (Medium)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Calum Hutton
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T16:15:02.998218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T16:48:56.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "rsync",
"vendor": "rsync",
"versions": [
{
"lessThanOrEqual": "3.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Calum Hutton"
}
],
"datePublic": "2025-11-18T14:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."
}
],
"value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T14:45:58.065Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f"
},
{
"tags": [
"technical-description"
],
"url": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-03-19T06:11:00.000Z",
"value": "Rapid7 makes initial outreach to rsync maintainers"
},
{
"lang": "en",
"time": "2025-03-19T10:04:00.000Z",
"value": "Rsync maintainers confirm outreach"
},
{
"lang": "en",
"time": "2025-03-20T10:34:00.000Z",
"value": "Rapid7 provides rsync maintainers a technical writeup and PoC to reproduce the issue"
},
{
"lang": "en",
"time": "2025-04-02T03:05:00.000Z",
"value": "Rapid7 requests confirmation of findings"
},
{
"lang": "en",
"time": "2025-04-06T09:30:00.000Z",
"value": "Rsync maintainers indicate more time is needed"
},
{
"lang": "en",
"time": "2025-04-16T05:31:00.000Z",
"value": "Rsync maintainers reproduce the issue and dispute its security impact due to uncertainty around viability of heap manipulation during exploitation"
},
{
"lang": "en",
"time": "2025-04-17T01:56:00.000Z",
"value": "Rapid7 indicates manipulating the heap is nuanced and CVE assignment is both prudent and best practice in this instance"
},
{
"lang": "en",
"time": "2025-05-07T09:08:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-05-12T06:08:00.000Z",
"value": "Rsync maintainers indicate a pull request to fix the issue is forthcoming"
},
{
"lang": "en",
"time": "2025-05-28T09:40:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-06-17T04:19:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-08-18T11:59:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-08-23T09:17:00.000Z",
"value": "Rsync maintainers indicate a pull request to remediate the issue has been made and a feature release is forthcoming"
},
{
"lang": "en",
"time": "2025-09-02T04:23:00.000Z",
"value": "Rapid7 indicates intention to assign a CVE and perform a coordinated disclosure with the rsync maintainers upon the upcoming feature release"
},
{
"lang": "en",
"time": "2025-09-09T11:18:00.000Z",
"value": "Rapid7 provides rsync maintainers a reserved CVE identifier and requests the date for the expected feature release"
},
{
"lang": "en",
"time": "2025-11-11T04:42:00.000Z",
"value": "Rapid7 indicates intention to publish the CVE record on November 18, 2025."
},
{
"lang": "en",
"time": "2025-11-18T14:00:00.000Z",
"value": "This disclosure"
}
],
"title": "Rsync: Out of bounds array access via negative index",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2025-10158",
"datePublished": "2025-11-18T14:24:19.210Z",
"dateReserved": "2025-09-09T11:15:17.585Z",
"dateUpdated": "2025-11-19T16:48:56.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2007-6200 (GCVE-0-2007-6200)
Vulnerability from cvelistv5 – Published: 2007-12-01 01:00 – Updated: 2024-08-07 15:54
VLAI?
Summary
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27863"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"name": "http://rsync.samba.org/security.html#s3_0_0",
"refsource": "CONFIRM",
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6200",
"datePublished": "2007-12-01T01:00:00",
"dateReserved": "2007-11-30T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6199 (GCVE-0-2007-6199)
Vulnerability from cvelistv5 – Published: 2007-12-01 01:00 – Updated: 2024-08-07 15:54
VLAI?
Summary
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27863"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"name": "http://rsync.samba.org/security.html#s3_0_0",
"refsource": "CONFIRM",
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6199",
"datePublished": "2007-12-01T01:00:00",
"dateReserved": "2007-11-30T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4091 (GCVE-0-2007-4091)
Vulnerability from cvelistv5 – Published: 2007-08-16 00:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:38.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27896"
},
{
"name": "GLSA-200709-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "rsync-fname-bo(36072)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"name": "USN-500-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"name": "26493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26493"
},
{
"name": "61039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61039"
},
{
"name": "26634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26634"
},
{
"name": "SUSE-SR:2007:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26543"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1647"
},
{
"name": "20070823 FLEA-2007-0047-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"name": "DSA-1360",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"name": "SSA:2007-335-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"name": "25336",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25336"
},
{
"name": "26537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26537"
},
{
"name": "ADV-2007-2915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"name": "26518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26518"
},
{
"name": "26548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26548"
},
{
"name": "26911",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26911"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27896"
},
{
"name": "GLSA-200709-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "rsync-fname-bo(36072)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"name": "USN-500-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"name": "26493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26493"
},
{
"name": "61039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61039"
},
{
"name": "26634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26634"
},
{
"name": "SUSE-SR:2007:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26543"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1647"
},
{
"name": "20070823 FLEA-2007-0047-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"name": "DSA-1360",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"name": "SSA:2007-335-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"name": "25336",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25336"
},
{
"name": "26537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26537"
},
{
"name": "ADV-2007-2915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"name": "26518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26518"
},
{
"name": "26548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26548"
},
{
"name": "26911",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26911"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27896",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27896"
},
{
"name": "GLSA-200709-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"name": "26822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26822"
},
{
"name": "rsync-fname-bo(36072)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"name": "USN-500-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"name": "26493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26493"
},
{
"name": "61039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61039"
},
{
"name": "26634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26634"
},
{
"name": "SUSE-SR:2007:017",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26543"
},
{
"name": "https://issues.rpath.com/browse/RPL-1647",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1647"
},
{
"name": "20070823 FLEA-2007-0047-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"name": "DSA-1360",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"name": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908",
"refsource": "CONFIRM",
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"name": "SSA:2007-335-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"name": "2007-0026",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html",
"refsource": "CONFIRM",
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"name": "25336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25336"
},
{
"name": "26537",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26537"
},
{
"name": "ADV-2007-2915",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"name": "26518",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26518"
},
{
"name": "26548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26548"
},
{
"name": "26911",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26911"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4091",
"datePublished": "2007-08-16T00:00:00",
"dateReserved": "2007-07-30T00:00:00",
"dateUpdated": "2024-08-07T14:46:38.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}