cvelistv5 - cve-2007-6200

cve-2007-6200

Vulnerability from cvelistv5

Published

2007-12-01 01:00

Modified

2024-08-07 15:54

Severity ?

Summary

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
cve@mitre.org	http://rsync.samba.org/security.html#s3_0_0	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27853
cve@mitre.org	http://secunia.com/advisories/27863	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28412
cve@mitre.org	http://secunia.com/advisories/28457
cve@mitre.org	http://secunia.com/advisories/31326
cve@mitre.org	http://securitytracker.com/id?1019012
cve@mitre.org	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257
cve@mitre.org	http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2011-0999.html
cve@mitre.org	http://www.securityfocus.com/archive/1/487991/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/26639
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4057
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2268
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://rsync.samba.org/security.html#s3_0_0	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27853
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27863	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28412
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28457
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31326
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019012
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-0999.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/487991/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26639
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4057
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2268

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:27.082Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28412",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28412"
          },
          {
            "name": "ADV-2007-4057",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4057"
          },
          {
            "name": "APPLE-SA-2008-07-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
          },
          {
            "name": "RHSA-2011:0999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
          },
          {
            "name": "26639",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26639"
          },
          {
            "name": "ADV-2008-2268",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2268"
          },
          {
            "name": "27853",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27853"
          },
          {
            "name": "20080212 FLEA-2008-0004-1 rsync",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
          },
          {
            "name": "27863",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27863"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rsync.samba.org/security.html#s3_0_0"
          },
          {
            "name": "28457",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28457"
          },
          {
            "name": "MDVSA-2008:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
          },
          {
            "name": "31326",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31326"
          },
          {
            "name": "1019012",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019012"
          },
          {
            "name": "SUSE-SR:2008:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28412",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28412"
        },
        {
          "name": "ADV-2007-4057",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4057"
        },
        {
          "name": "APPLE-SA-2008-07-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
        },
        {
          "name": "RHSA-2011:0999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
        },
        {
          "name": "26639",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26639"
        },
        {
          "name": "ADV-2008-2268",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2268"
        },
        {
          "name": "27853",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27853"
        },
        {
          "name": "20080212 FLEA-2008-0004-1 rsync",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
        },
        {
          "name": "27863",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27863"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rsync.samba.org/security.html#s3_0_0"
        },
        {
          "name": "28457",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28457"
        },
        {
          "name": "MDVSA-2008:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
        },
        {
          "name": "31326",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31326"
        },
        {
          "name": "1019012",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019012"
        },
        {
          "name": "SUSE-SR:2008:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6200",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28412",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28412"
            },
            {
              "name": "ADV-2007-4057",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4057"
            },
            {
              "name": "APPLE-SA-2008-07-31",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
            },
            {
              "name": "RHSA-2011:0999",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
            },
            {
              "name": "26639",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26639"
            },
            {
              "name": "ADV-2008-2268",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2268"
            },
            {
              "name": "27853",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27853"
            },
            {
              "name": "20080212 FLEA-2008-0004-1 rsync",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
            },
            {
              "name": "27863",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27863"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
            },
            {
              "name": "http://rsync.samba.org/security.html#s3_0_0",
              "refsource": "CONFIRM",
              "url": "http://rsync.samba.org/security.html#s3_0_0"
            },
            {
              "name": "28457",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28457"
            },
            {
              "name": "MDVSA-2008:011",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
            },
            {
              "name": "31326",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31326"
            },
            {
              "name": "1019012",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019012"
            },
            {
              "name": "SUSE-SR:2008:001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6200",
    "datePublished": "2007-12-01T01:00:00",
    "dateReserved": "2007-11-30T00:00:00",
    "dateUpdated": "2024-08-07T15:54:27.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57F41B40-75E6-45C8-A5FB-8464C0B2D064\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"300A6A65-05FD-401C-80F6-B5F5B1F056E0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA3D53C9-3806-45E6-8AE9-7D41280EF64C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D29C5A03-A7C9-4780-BB63-CF1E874D018D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B85EF0EE-3E61-4CA3-9F00-610AB2E1CFCF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70440F49-AEE9-41BE-8E1A-43AB657C8E09\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74022B69-6557-4746-9080-24E4DDA44026\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2081CB54-130C-4A25-A2EE-42249DD6B3EB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"393F7E04-2288-45FE-8971-CC1BA036CA95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60BF457A-B318-475D-950A-9D873C0C667C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CB9C4CB-09D9-4258-846D-D43C0E8E0CEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52CA63EE-0911-44AE-9901-FE46FB659D06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF678D2B-CD03-4A19-90B4-36448E55943E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E454C988-08A3-4269-AC6A-2A975D288C56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12BB68EF-28DF-4326-84A3-C215005FD3D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41DC890B-3D3D-41DB-8380-5C290B708350\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C0E3499-E90D-40C6-B85A-6CC2312532C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C23042EA-1243-4786-8F76-CDB94E5B909B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31F7C3A4-88F3-454F-9046-CA169FF12106\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63756B36-3D03-4C2E-A1B6-AC45B045F94F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDF2B595-4AF1-471E-ADFD-FF8CB6F27EA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC820774-2B62-4B91-BC1A-EF6B81DD63C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4329E28A-F133-414B-98E5-F117C1B73711\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE1E7733-4A97-4817-8192-BDAA539AD2F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEB2A38C-5971-4C38-A2A8-7B8FD44C3816\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCD479A6-7E13-41FB-B6D9-4CBA1459083B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D08AA818-CEF0-4EA8-BF6B-90A4F512E88C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AE611E6-4959-4011-A57A-6774F28D58D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DEEFC01-69A5-4760-8052-FB8BA4B125F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A19ACD7B-B36E-42D7-B311-69CD4EF047F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AA7F4E9-1ED4-4D2F-A0A2-F8D861AD108C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.5.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D9A038C-C0B8-416D-B103-5E66963065EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C1BB055-0489-42F7-9FC7-99EDDA7026DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"336FF990-61EE-4F6B-B4BC-D268DADD3D7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"408FDC67-6862-4482-9DC4-E18AFFC3F7C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65282BE4-26FA-4E16-B1B1-1A4D82E7C6C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.6.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84537850-6D26-47D3-9888-810B8305BD3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.6.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AD67864-2BED-42AD-985E-34058C07FEBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.6.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"382AFB02-339D-45BB-A60D-7C751F943762\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32A205AF-8E75-4AD8-BE0F-EC6A9296D127\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en rsync, en versiones anteriores a la 3.0.0pre6, cuando se ejecuta un demonio rsync en modo lectura-escritura.  Permite que atacantes remotos  vulneren exclude, exclude_from, y filter, adem\\u00e1s de poder leer y escribir archivos ocultos usando: (1) symlink, (2) partial-dir, (3) backup-dir, y (4) opciones dest sin especificar.\"}]",
      "id": "CVE-2007-6200",
      "lastModified": "2024-11-21T00:39:35.557",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-12-01T06:46:00.000",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rsync.samba.org/security.html#s3_0_0\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27853\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/27863\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/28412\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28457\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/31326\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1019012\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2011-0999.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/487991/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/26639\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4057\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2268\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rsync.samba.org/security.html#s3_0_0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27853\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/27863\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/28412\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28457\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/31326\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1019012\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2011-0999.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/487991/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/26639\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4057\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2268\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-6200\\n\\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.\", \"lastModified\": \"2007-12-06T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-6200\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-12-01T06:46:00.000\",\"lastModified\":\"2024-11-21T00:39:35.557\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en rsync, en versiones anteriores a la 3.0.0pre6, cuando se ejecuta un demonio rsync en modo lectura-escritura.  Permite que atacantes remotos  vulneren exclude, exclude_from, y filter, adem\u00e1s de poder leer y escribir archivos ocultos usando: (1) symlink, (2) partial-dir, (3) backup-dir, y (4) opciones dest sin especificar.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57F41B40-75E6-45C8-A5FB-8464C0B2D064\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"300A6A65-05FD-401C-80F6-B5F5B1F056E0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA3D53C9-3806-45E6-8AE9-7D41280EF64C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D29C5A03-A7C9-4780-BB63-CF1E874D018D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B85EF0EE-3E61-4CA3-9F00-610AB2E1CFCF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70440F49-AEE9-41BE-8E1A-43AB657C8E09\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74022B69-6557-4746-9080-24E4DDA44026\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2081CB54-130C-4A25-A2EE-42249DD6B3EB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"393F7E04-2288-45FE-8971-CC1BA036CA95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60BF457A-B318-475D-950A-9D873C0C667C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CB9C4CB-09D9-4258-846D-D43C0E8E0CEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52CA63EE-0911-44AE-9901-FE46FB659D06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF678D2B-CD03-4A19-90B4-36448E55943E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E454C988-08A3-4269-AC6A-2A975D288C56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12BB68EF-28DF-4326-84A3-C215005FD3D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41DC890B-3D3D-41DB-8380-5C290B708350\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C0E3499-E90D-40C6-B85A-6CC2312532C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C23042EA-1243-4786-8F76-CDB94E5B909B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31F7C3A4-88F3-454F-9046-CA169FF12106\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63756B36-3D03-4C2E-A1B6-AC45B045F94F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDF2B595-4AF1-471E-ADFD-FF8CB6F27EA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC820774-2B62-4B91-BC1A-EF6B81DD63C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4329E28A-F133-414B-98E5-F117C1B73711\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE1E7733-4A97-4817-8192-BDAA539AD2F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEB2A38C-5971-4C38-A2A8-7B8FD44C3816\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCD479A6-7E13-41FB-B6D9-4CBA1459083B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D08AA818-CEF0-4EA8-BF6B-90A4F512E88C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AE611E6-4959-4011-A57A-6774F28D58D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DEEFC01-69A5-4760-8052-FB8BA4B125F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A19ACD7B-B36E-42D7-B311-69CD4EF047F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AA7F4E9-1ED4-4D2F-A0A2-F8D861AD108C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D9A038C-C0B8-416D-B103-5E66963065EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C1BB055-0489-42F7-9FC7-99EDDA7026DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"336FF990-61EE-4F6B-B4BC-D268DADD3D7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"408FDC67-6862-4482-9DC4-E18AFFC3F7C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65282BE4-26FA-4E16-B1B1-1A4D82E7C6C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84537850-6D26-47D3-9888-810B8305BD3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AD67864-2BED-42AD-985E-34058C07FEBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"382AFB02-339D-45BB-A60D-7C751F943762\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32A205AF-8E75-4AD8-BE0F-EC6A9296D127\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rsync.samba.org/security.html#s3_0_0\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27853\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27863\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28412\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28457\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31326\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1019012\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0999.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/487991/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26639\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4057\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2268\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rsync.samba.org/security.html#s3_0_0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27853\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27863\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28412\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31326\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1019012\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0999.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/487991/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26639\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2268\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-6200\\n\\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.\",\"lastModified\":\"2007-12-06T00:00:00\"}]}}"
  }
}

rhsa-2011_0999

Vulnerability from csaf_redhat

Published

2011-07-21 09:22

Modified

2024-11-22 04:16

Summary

Red Hat Security Advisory: rsync security, bug fix, and enhancement update

Notes

Topic

An updated rsync package that fixes one security issue, several bugs, and adds enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

rsync is a program for synchronizing files over a network. A flaw was found in the way the rsync daemon handled the "filter", "exclude", and "exclude from" options, used for hiding files and preventing access to them from rsync clients. A remote attacker could use this flaw to bypass those restrictions by using certain command line options and symbolic links, allowing the attacker to overwrite those files if they knew their file names and had write access to them. (CVE-2007-6200) Note: This issue only affected users running rsync as a writable daemon: "read only" set to "false" in the rsync configuration file (for example, "/etc/rsyncd.conf"). By default, this option is set to "true". This update also fixes the following bugs: * The rsync package has been upgraded to upstream version 3.0.6, which provides a number of bug fixes and enhancements over the previous version. (BZ#339971) * When running an rsync daemon that was receiving files, a deferred info, error or log message could have been sent directly to the sender instead of being handled by the "rwrite()" function in the generator. Also, under certain circumstances, a deferred info or error message from the receiver could have bypassed the log file and could have been sent only to the client process. As a result, an "unexpected tag 3" fatal error could have been displayed. These problems have been fixed in this update so that an rsync daemon receiving files now works as expected. (BZ#471182) * Prior to this update, the rsync daemon called a number of timezone-using functions after doing a chroot. As a result, certain C libraries were unable to generate proper timestamps from inside a chrooted daemon. This bug has been fixed in this update so that the rsync daemon now calls the respective timezone-using functions prior to doing a chroot, and proper timestamps are now generated as expected. (BZ#575022) * When running rsync under a non-root user with the "-A" ("--acls") option and without using the "--numeric-ids" option, if there was an Access Control List (ACL) that included a group entry for a group that the respective user was not a member of on the receiving side, the "acl_set_file()" function returned an invalid argument value ("EINVAL"). This was caused by rsync mistakenly mapping the group name to the Group ID "GID_NONE" ("-1"), which failed. The bug has been fixed in this update so that no invalid argument is returned and rsync works as expected. (BZ#616093) * When creating a sparse file that was zero blocks long, the "rsync --sparse" command did not properly truncate the sparse file at the end of the copy transaction. As a result, the file size was bigger than expected. This bug has been fixed in this update by properly truncating the file so that rsync now copies such files as expected. (BZ#530866) * Under certain circumstances, when using rsync in daemon mode, rsync generator instances could have entered an infinitive loop, trying to write an error message for the receiver to an invalid socket. This problem has been fixed in this update by adding a new sibling message: when the receiver is reporting a socket-read error, the generator will notice this fact and avoid writing an error message down the socket, allowing it to close down gracefully when the pipe from the receiver closes. (BZ#690148) * Prior to this update, there were missing deallocations found in the "start_client()" function. This bug has been fixed in this update and no longer occurs. (BZ#700450) All users of rsync are advised to upgrade to this updated package, which resolves these issues and adds enhancements.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated rsync package that fixes one security issue, several bugs, and\nadds enhancements is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "rsync is a program for synchronizing files over a network.\n\nA flaw was found in the way the rsync daemon handled the \"filter\",\n\"exclude\", and \"exclude from\" options, used for hiding files and preventing\naccess to them from rsync clients. A remote attacker could use this flaw to\nbypass those restrictions by using certain command line options and\nsymbolic links, allowing the attacker to overwrite those files if they knew\ntheir file names and had write access to them. (CVE-2007-6200)\n\nNote: This issue only affected users running rsync as a writable daemon:\n\"read only\" set to \"false\" in the rsync configuration file (for example,\n\"/etc/rsyncd.conf\"). By default, this option is set to \"true\".\n\nThis update also fixes the following bugs:\n\n* The rsync package has been upgraded to upstream version 3.0.6, which\nprovides a number of bug fixes and enhancements over the previous version.\n(BZ#339971)\n\n* When running an rsync daemon that was receiving files, a deferred info,\nerror or log message could have been sent directly to the sender instead of\nbeing handled by the \"rwrite()\" function in the generator. Also, under\ncertain circumstances, a deferred info or error message from the receiver\ncould have bypassed the log file and could have been sent only to the\nclient process. As a result, an \"unexpected tag 3\" fatal error could have\nbeen displayed. These problems have been fixed in this update so that an\nrsync daemon receiving files now works as expected. (BZ#471182)\n\n* Prior to this update, the rsync daemon called a number of timezone-using\nfunctions after doing a chroot. As a result, certain C libraries were\nunable to generate proper timestamps from inside a chrooted daemon. This\nbug has been fixed in this update so that the rsync daemon now calls the\nrespective timezone-using functions prior to doing a chroot, and proper\ntimestamps are now generated as expected. (BZ#575022)\n\n* When running rsync under a non-root user with the \"-A\" (\"--acls\") option\nand without using the \"--numeric-ids\" option, if there was an Access\nControl List (ACL) that included a group entry for a group that the\nrespective user was not a member of on the receiving side, the\n\"acl_set_file()\" function returned an invalid argument value (\"EINVAL\").\nThis was caused by rsync mistakenly mapping the group name to the Group ID\n\"GID_NONE\" (\"-1\"), which failed. The bug has been fixed in this update so\nthat no invalid argument is returned and rsync works as expected.\n(BZ#616093)\n\n* When creating a sparse file that was zero blocks long, the \"rsync\n--sparse\" command did not properly truncate the sparse file at the end of\nthe copy transaction. As a result, the file size was bigger than expected.\nThis bug has been fixed in this update by properly truncating the file so\nthat rsync now copies such files as expected. (BZ#530866)\n\n* Under certain circumstances, when using rsync in daemon mode, rsync\ngenerator instances could have entered an infinitive loop, trying to write\nan error message for the receiver to an invalid socket. This problem has\nbeen fixed in this update by adding a new sibling message: when the\nreceiver is reporting a socket-read error, the generator will notice this\nfact and avoid writing an error message down the socket, allowing it to\nclose down gracefully when the pipe from the receiver closes. (BZ#690148)\n\n* Prior to this update, there were missing deallocations found in the\n\"start_client()\" function. This bug has been fixed in this update and no\nlonger occurs. (BZ#700450)\n\nAll users of rsync are advised to upgrade to this updated package, which\nresolves these issues and adds enhancements.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2011:0999",
        "url": "https://access.redhat.com/errata/RHSA-2011:0999"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://rsync.samba.org/security.html#s3_0_0",
        "url": "http://rsync.samba.org/security.html#s3_0_0"
      },
      {
        "category": "external",
        "summary": "339971",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=339971"
      },
      {
        "category": "external",
        "summary": "407171",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=407171"
      },
      {
        "category": "external",
        "summary": "471182",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=471182"
      },
      {
        "category": "external",
        "summary": "530866",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530866"
      },
      {
        "category": "external",
        "summary": "575022",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575022"
      },
      {
        "category": "external",
        "summary": "616093",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=616093"
      },
      {
        "category": "external",
        "summary": "690148",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=690148"
      },
      {
        "category": "external",
        "summary": "700450",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700450"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_0999.json"
      }
    ],
    "title": "Red Hat Security Advisory: rsync security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-22T04:16:12+00:00",
      "generator": {
        "date": "2024-11-22T04:16:12+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2011:0999",
      "initial_release_date": "2011-07-21T09:22:00+00:00",
      "revision_history": [
        {
          "date": "2011-07-21T09:22:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2011-07-21T06:48:19+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T04:16:12+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.src",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.src",
                  "product_id": "rsync-0:3.0.6-4.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.x86_64",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.x86_64",
                  "product_id": "rsync-0:3.0.6-4.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-debuginfo-0:3.0.6-4.el5.x86_64",
                "product": {
                  "name": "rsync-debuginfo-0:3.0.6-4.el5.x86_64",
                  "product_id": "rsync-debuginfo-0:3.0.6-4.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync-debuginfo@3.0.6-4.el5?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.i386",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.i386",
                  "product_id": "rsync-0:3.0.6-4.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-debuginfo-0:3.0.6-4.el5.i386",
                "product": {
                  "name": "rsync-debuginfo-0:3.0.6-4.el5.i386",
                  "product_id": "rsync-debuginfo-0:3.0.6-4.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync-debuginfo@3.0.6-4.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.ia64",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.ia64",
                  "product_id": "rsync-0:3.0.6-4.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-debuginfo-0:3.0.6-4.el5.ia64",
                "product": {
                  "name": "rsync-debuginfo-0:3.0.6-4.el5.ia64",
                  "product_id": "rsync-debuginfo-0:3.0.6-4.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync-debuginfo@3.0.6-4.el5?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.ppc",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.ppc",
                  "product_id": "rsync-0:3.0.6-4.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-debuginfo-0:3.0.6-4.el5.ppc",
                "product": {
                  "name": "rsync-debuginfo-0:3.0.6-4.el5.ppc",
                  "product_id": "rsync-debuginfo-0:3.0.6-4.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync-debuginfo@3.0.6-4.el5?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.s390x",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.s390x",
                  "product_id": "rsync-0:3.0.6-4.el5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-debuginfo-0:3.0.6-4.el5.s390x",
                "product": {
                  "name": "rsync-debuginfo-0:3.0.6-4.el5.s390x",
                  "product_id": "rsync-debuginfo-0:3.0.6-4.el5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync-debuginfo@3.0.6-4.el5?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.i386"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.ia64"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.ppc"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.s390x"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.src"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.x86_64"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-debuginfo-0:3.0.6-4.el5.i386"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-debuginfo-0:3.0.6-4.el5.ia64"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-debuginfo-0:3.0.6-4.el5.ppc"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-debuginfo-0:3.0.6-4.el5.s390x"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-debuginfo-0:3.0.6-4.el5.x86_64"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.i386"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.ia64"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.ppc"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.s390x"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.src"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.x86_64"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-debuginfo-0:3.0.6-4.el5.i386"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-debuginfo-0:3.0.6-4.el5.ia64"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-debuginfo-0:3.0.6-4.el5.ppc"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-debuginfo-0:3.0.6-4.el5.s390x"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-debuginfo-0:3.0.6-4.el5.x86_64"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-6200",
      "discovery_date": "2007-12-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "407171"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rsync excluded content access restrictions bypass via symlinks",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:rsync-0:3.0.6-4.el5.i386",
          "5Client:rsync-0:3.0.6-4.el5.ia64",
          "5Client:rsync-0:3.0.6-4.el5.ppc",
          "5Client:rsync-0:3.0.6-4.el5.s390x",
          "5Client:rsync-0:3.0.6-4.el5.src",
          "5Client:rsync-0:3.0.6-4.el5.x86_64",
          "5Client:rsync-debuginfo-0:3.0.6-4.el5.i386",
          "5Client:rsync-debuginfo-0:3.0.6-4.el5.ia64",
          "5Client:rsync-debuginfo-0:3.0.6-4.el5.ppc",
          "5Client:rsync-debuginfo-0:3.0.6-4.el5.s390x",
          "5Client:rsync-debuginfo-0:3.0.6-4.el5.x86_64",
          "5Server:rsync-0:3.0.6-4.el5.i386",
          "5Server:rsync-0:3.0.6-4.el5.ia64",
          "5Server:rsync-0:3.0.6-4.el5.ppc",
          "5Server:rsync-0:3.0.6-4.el5.s390x",
          "5Server:rsync-0:3.0.6-4.el5.src",
          "5Server:rsync-0:3.0.6-4.el5.x86_64",
          "5Server:rsync-debuginfo-0:3.0.6-4.el5.i386",
          "5Server:rsync-debuginfo-0:3.0.6-4.el5.ia64",
          "5Server:rsync-debuginfo-0:3.0.6-4.el5.ppc",
          "5Server:rsync-debuginfo-0:3.0.6-4.el5.s390x",
          "5Server:rsync-debuginfo-0:3.0.6-4.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6200"
        },
        {
          "category": "external",
          "summary": "RHBZ#407171",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=407171"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6200",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6200"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6200",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6200"
        }
      ],
      "release_date": "2007-11-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2011-07-21T09:22:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
          "product_ids": [
            "5Client:rsync-0:3.0.6-4.el5.i386",
            "5Client:rsync-0:3.0.6-4.el5.ia64",
            "5Client:rsync-0:3.0.6-4.el5.ppc",
            "5Client:rsync-0:3.0.6-4.el5.s390x",
            "5Client:rsync-0:3.0.6-4.el5.src",
            "5Client:rsync-0:3.0.6-4.el5.x86_64",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.i386",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.ia64",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.ppc",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.s390x",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.x86_64",
            "5Server:rsync-0:3.0.6-4.el5.i386",
            "5Server:rsync-0:3.0.6-4.el5.ia64",
            "5Server:rsync-0:3.0.6-4.el5.ppc",
            "5Server:rsync-0:3.0.6-4.el5.s390x",
            "5Server:rsync-0:3.0.6-4.el5.src",
            "5Server:rsync-0:3.0.6-4.el5.x86_64",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.i386",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.ia64",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.ppc",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.s390x",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2011:0999"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:rsync-0:3.0.6-4.el5.i386",
            "5Client:rsync-0:3.0.6-4.el5.ia64",
            "5Client:rsync-0:3.0.6-4.el5.ppc",
            "5Client:rsync-0:3.0.6-4.el5.s390x",
            "5Client:rsync-0:3.0.6-4.el5.src",
            "5Client:rsync-0:3.0.6-4.el5.x86_64",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.i386",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.ia64",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.ppc",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.s390x",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.x86_64",
            "5Server:rsync-0:3.0.6-4.el5.i386",
            "5Server:rsync-0:3.0.6-4.el5.ia64",
            "5Server:rsync-0:3.0.6-4.el5.ppc",
            "5Server:rsync-0:3.0.6-4.el5.s390x",
            "5Server:rsync-0:3.0.6-4.el5.src",
            "5Server:rsync-0:3.0.6-4.el5.x86_64",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.i386",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.ia64",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.ppc",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.s390x",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "rsync excluded content access restrictions bypass via symlinks"
    }
  ]
}

rhsa-2011:0999

Vulnerability from csaf_redhat

Published

2011-07-21 09:22

Modified

2024-11-22 04:16

Summary

Red Hat Security Advisory: rsync security, bug fix, and enhancement update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated rsync package that fixes one security issue, several bugs, and\nadds enhancements is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "rsync is a program for synchronizing files over a network.\n\nA flaw was found in the way the rsync daemon handled the \"filter\",\n\"exclude\", and \"exclude from\" options, used for hiding files and preventing\naccess to them from rsync clients. A remote attacker could use this flaw to\nbypass those restrictions by using certain command line options and\nsymbolic links, allowing the attacker to overwrite those files if they knew\ntheir file names and had write access to them. (CVE-2007-6200)\n\nNote: This issue only affected users running rsync as a writable daemon:\n\"read only\" set to \"false\" in the rsync configuration file (for example,\n\"/etc/rsyncd.conf\"). By default, this option is set to \"true\".\n\nThis update also fixes the following bugs:\n\n* The rsync package has been upgraded to upstream version 3.0.6, which\nprovides a number of bug fixes and enhancements over the previous version.\n(BZ#339971)\n\n* When running an rsync daemon that was receiving files, a deferred info,\nerror or log message could have been sent directly to the sender instead of\nbeing handled by the \"rwrite()\" function in the generator. Also, under\ncertain circumstances, a deferred info or error message from the receiver\ncould have bypassed the log file and could have been sent only to the\nclient process. As a result, an \"unexpected tag 3\" fatal error could have\nbeen displayed. These problems have been fixed in this update so that an\nrsync daemon receiving files now works as expected. (BZ#471182)\n\n* Prior to this update, the rsync daemon called a number of timezone-using\nfunctions after doing a chroot. As a result, certain C libraries were\nunable to generate proper timestamps from inside a chrooted daemon. This\nbug has been fixed in this update so that the rsync daemon now calls the\nrespective timezone-using functions prior to doing a chroot, and proper\ntimestamps are now generated as expected. (BZ#575022)\n\n* When running rsync under a non-root user with the \"-A\" (\"--acls\") option\nand without using the \"--numeric-ids\" option, if there was an Access\nControl List (ACL) that included a group entry for a group that the\nrespective user was not a member of on the receiving side, the\n\"acl_set_file()\" function returned an invalid argument value (\"EINVAL\").\nThis was caused by rsync mistakenly mapping the group name to the Group ID\n\"GID_NONE\" (\"-1\"), which failed. The bug has been fixed in this update so\nthat no invalid argument is returned and rsync works as expected.\n(BZ#616093)\n\n* When creating a sparse file that was zero blocks long, the \"rsync\n--sparse\" command did not properly truncate the sparse file at the end of\nthe copy transaction. As a result, the file size was bigger than expected.\nThis bug has been fixed in this update by properly truncating the file so\nthat rsync now copies such files as expected. (BZ#530866)\n\n* Under certain circumstances, when using rsync in daemon mode, rsync\ngenerator instances could have entered an infinitive loop, trying to write\nan error message for the receiver to an invalid socket. This problem has\nbeen fixed in this update by adding a new sibling message: when the\nreceiver is reporting a socket-read error, the generator will notice this\nfact and avoid writing an error message down the socket, allowing it to\nclose down gracefully when the pipe from the receiver closes. (BZ#690148)\n\n* Prior to this update, there were missing deallocations found in the\n\"start_client()\" function. This bug has been fixed in this update and no\nlonger occurs. (BZ#700450)\n\nAll users of rsync are advised to upgrade to this updated package, which\nresolves these issues and adds enhancements.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2011:0999",
        "url": "https://access.redhat.com/errata/RHSA-2011:0999"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://rsync.samba.org/security.html#s3_0_0",
        "url": "http://rsync.samba.org/security.html#s3_0_0"
      },
      {
        "category": "external",
        "summary": "339971",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=339971"
      },
      {
        "category": "external",
        "summary": "407171",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=407171"
      },
      {
        "category": "external",
        "summary": "471182",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=471182"
      },
      {
        "category": "external",
        "summary": "530866",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530866"
      },
      {
        "category": "external",
        "summary": "575022",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575022"
      },
      {
        "category": "external",
        "summary": "616093",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=616093"
      },
      {
        "category": "external",
        "summary": "690148",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=690148"
      },
      {
        "category": "external",
        "summary": "700450",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700450"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_0999.json"
      }
    ],
    "title": "Red Hat Security Advisory: rsync security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-22T04:16:12+00:00",
      "generator": {
        "date": "2024-11-22T04:16:12+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2011:0999",
      "initial_release_date": "2011-07-21T09:22:00+00:00",
      "revision_history": [
        {
          "date": "2011-07-21T09:22:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2011-07-21T06:48:19+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T04:16:12+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.src",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.src",
                  "product_id": "rsync-0:3.0.6-4.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.x86_64",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.x86_64",
                  "product_id": "rsync-0:3.0.6-4.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-debuginfo-0:3.0.6-4.el5.x86_64",
                "product": {
                  "name": "rsync-debuginfo-0:3.0.6-4.el5.x86_64",
                  "product_id": "rsync-debuginfo-0:3.0.6-4.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync-debuginfo@3.0.6-4.el5?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.i386",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.i386",
                  "product_id": "rsync-0:3.0.6-4.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-debuginfo-0:3.0.6-4.el5.i386",
                "product": {
                  "name": "rsync-debuginfo-0:3.0.6-4.el5.i386",
                  "product_id": "rsync-debuginfo-0:3.0.6-4.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync-debuginfo@3.0.6-4.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.ia64",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.ia64",
                  "product_id": "rsync-0:3.0.6-4.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-debuginfo-0:3.0.6-4.el5.ia64",
                "product": {
                  "name": "rsync-debuginfo-0:3.0.6-4.el5.ia64",
                  "product_id": "rsync-debuginfo-0:3.0.6-4.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync-debuginfo@3.0.6-4.el5?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.ppc",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.ppc",
                  "product_id": "rsync-0:3.0.6-4.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-debuginfo-0:3.0.6-4.el5.ppc",
                "product": {
                  "name": "rsync-debuginfo-0:3.0.6-4.el5.ppc",
                  "product_id": "rsync-debuginfo-0:3.0.6-4.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync-debuginfo@3.0.6-4.el5?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.s390x",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.s390x",
                  "product_id": "rsync-0:3.0.6-4.el5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-debuginfo-0:3.0.6-4.el5.s390x",
                "product": {
                  "name": "rsync-debuginfo-0:3.0.6-4.el5.s390x",
                  "product_id": "rsync-debuginfo-0:3.0.6-4.el5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync-debuginfo@3.0.6-4.el5?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.i386"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.ia64"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.ppc"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.s390x"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.src"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.x86_64"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-debuginfo-0:3.0.6-4.el5.i386"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-debuginfo-0:3.0.6-4.el5.ia64"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-debuginfo-0:3.0.6-4.el5.ppc"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-debuginfo-0:3.0.6-4.el5.s390x"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-debuginfo-0:3.0.6-4.el5.x86_64"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.i386"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.ia64"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.ppc"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.s390x"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.src"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.x86_64"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-debuginfo-0:3.0.6-4.el5.i386"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-debuginfo-0:3.0.6-4.el5.ia64"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-debuginfo-0:3.0.6-4.el5.ppc"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-debuginfo-0:3.0.6-4.el5.s390x"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-debuginfo-0:3.0.6-4.el5.x86_64"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-6200",
      "discovery_date": "2007-12-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "407171"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rsync excluded content access restrictions bypass via symlinks",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:rsync-0:3.0.6-4.el5.i386",
          "5Client:rsync-0:3.0.6-4.el5.ia64",
          "5Client:rsync-0:3.0.6-4.el5.ppc",
          "5Client:rsync-0:3.0.6-4.el5.s390x",
          "5Client:rsync-0:3.0.6-4.el5.src",
          "5Client:rsync-0:3.0.6-4.el5.x86_64",
          "5Client:rsync-debuginfo-0:3.0.6-4.el5.i386",
          "5Client:rsync-debuginfo-0:3.0.6-4.el5.ia64",
          "5Client:rsync-debuginfo-0:3.0.6-4.el5.ppc",
          "5Client:rsync-debuginfo-0:3.0.6-4.el5.s390x",
          "5Client:rsync-debuginfo-0:3.0.6-4.el5.x86_64",
          "5Server:rsync-0:3.0.6-4.el5.i386",
          "5Server:rsync-0:3.0.6-4.el5.ia64",
          "5Server:rsync-0:3.0.6-4.el5.ppc",
          "5Server:rsync-0:3.0.6-4.el5.s390x",
          "5Server:rsync-0:3.0.6-4.el5.src",
          "5Server:rsync-0:3.0.6-4.el5.x86_64",
          "5Server:rsync-debuginfo-0:3.0.6-4.el5.i386",
          "5Server:rsync-debuginfo-0:3.0.6-4.el5.ia64",
          "5Server:rsync-debuginfo-0:3.0.6-4.el5.ppc",
          "5Server:rsync-debuginfo-0:3.0.6-4.el5.s390x",
          "5Server:rsync-debuginfo-0:3.0.6-4.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6200"
        },
        {
          "category": "external",
          "summary": "RHBZ#407171",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=407171"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6200",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6200"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6200",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6200"
        }
      ],
      "release_date": "2007-11-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2011-07-21T09:22:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
          "product_ids": [
            "5Client:rsync-0:3.0.6-4.el5.i386",
            "5Client:rsync-0:3.0.6-4.el5.ia64",
            "5Client:rsync-0:3.0.6-4.el5.ppc",
            "5Client:rsync-0:3.0.6-4.el5.s390x",
            "5Client:rsync-0:3.0.6-4.el5.src",
            "5Client:rsync-0:3.0.6-4.el5.x86_64",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.i386",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.ia64",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.ppc",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.s390x",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.x86_64",
            "5Server:rsync-0:3.0.6-4.el5.i386",
            "5Server:rsync-0:3.0.6-4.el5.ia64",
            "5Server:rsync-0:3.0.6-4.el5.ppc",
            "5Server:rsync-0:3.0.6-4.el5.s390x",
            "5Server:rsync-0:3.0.6-4.el5.src",
            "5Server:rsync-0:3.0.6-4.el5.x86_64",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.i386",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.ia64",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.ppc",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.s390x",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2011:0999"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:rsync-0:3.0.6-4.el5.i386",
            "5Client:rsync-0:3.0.6-4.el5.ia64",
            "5Client:rsync-0:3.0.6-4.el5.ppc",
            "5Client:rsync-0:3.0.6-4.el5.s390x",
            "5Client:rsync-0:3.0.6-4.el5.src",
            "5Client:rsync-0:3.0.6-4.el5.x86_64",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.i386",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.ia64",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.ppc",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.s390x",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.x86_64",
            "5Server:rsync-0:3.0.6-4.el5.i386",
            "5Server:rsync-0:3.0.6-4.el5.ia64",
            "5Server:rsync-0:3.0.6-4.el5.ppc",
            "5Server:rsync-0:3.0.6-4.el5.s390x",
            "5Server:rsync-0:3.0.6-4.el5.src",
            "5Server:rsync-0:3.0.6-4.el5.x86_64",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.i386",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.ia64",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.ppc",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.s390x",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "rsync excluded content access restrictions bypass via symlinks"
    }
  ]
}

RHSA-2011:0999

Vulnerability from csaf_redhat

Published

2011-07-21 09:22

Modified

2024-11-22 04:16

Summary

Red Hat Security Advisory: rsync security, bug fix, and enhancement update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated rsync package that fixes one security issue, several bugs, and\nadds enhancements is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "rsync is a program for synchronizing files over a network.\n\nA flaw was found in the way the rsync daemon handled the \"filter\",\n\"exclude\", and \"exclude from\" options, used for hiding files and preventing\naccess to them from rsync clients. A remote attacker could use this flaw to\nbypass those restrictions by using certain command line options and\nsymbolic links, allowing the attacker to overwrite those files if they knew\ntheir file names and had write access to them. (CVE-2007-6200)\n\nNote: This issue only affected users running rsync as a writable daemon:\n\"read only\" set to \"false\" in the rsync configuration file (for example,\n\"/etc/rsyncd.conf\"). By default, this option is set to \"true\".\n\nThis update also fixes the following bugs:\n\n* The rsync package has been upgraded to upstream version 3.0.6, which\nprovides a number of bug fixes and enhancements over the previous version.\n(BZ#339971)\n\n* When running an rsync daemon that was receiving files, a deferred info,\nerror or log message could have been sent directly to the sender instead of\nbeing handled by the \"rwrite()\" function in the generator. Also, under\ncertain circumstances, a deferred info or error message from the receiver\ncould have bypassed the log file and could have been sent only to the\nclient process. As a result, an \"unexpected tag 3\" fatal error could have\nbeen displayed. These problems have been fixed in this update so that an\nrsync daemon receiving files now works as expected. (BZ#471182)\n\n* Prior to this update, the rsync daemon called a number of timezone-using\nfunctions after doing a chroot. As a result, certain C libraries were\nunable to generate proper timestamps from inside a chrooted daemon. This\nbug has been fixed in this update so that the rsync daemon now calls the\nrespective timezone-using functions prior to doing a chroot, and proper\ntimestamps are now generated as expected. (BZ#575022)\n\n* When running rsync under a non-root user with the \"-A\" (\"--acls\") option\nand without using the \"--numeric-ids\" option, if there was an Access\nControl List (ACL) that included a group entry for a group that the\nrespective user was not a member of on the receiving side, the\n\"acl_set_file()\" function returned an invalid argument value (\"EINVAL\").\nThis was caused by rsync mistakenly mapping the group name to the Group ID\n\"GID_NONE\" (\"-1\"), which failed. The bug has been fixed in this update so\nthat no invalid argument is returned and rsync works as expected.\n(BZ#616093)\n\n* When creating a sparse file that was zero blocks long, the \"rsync\n--sparse\" command did not properly truncate the sparse file at the end of\nthe copy transaction. As a result, the file size was bigger than expected.\nThis bug has been fixed in this update by properly truncating the file so\nthat rsync now copies such files as expected. (BZ#530866)\n\n* Under certain circumstances, when using rsync in daemon mode, rsync\ngenerator instances could have entered an infinitive loop, trying to write\nan error message for the receiver to an invalid socket. This problem has\nbeen fixed in this update by adding a new sibling message: when the\nreceiver is reporting a socket-read error, the generator will notice this\nfact and avoid writing an error message down the socket, allowing it to\nclose down gracefully when the pipe from the receiver closes. (BZ#690148)\n\n* Prior to this update, there were missing deallocations found in the\n\"start_client()\" function. This bug has been fixed in this update and no\nlonger occurs. (BZ#700450)\n\nAll users of rsync are advised to upgrade to this updated package, which\nresolves these issues and adds enhancements.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2011:0999",
        "url": "https://access.redhat.com/errata/RHSA-2011:0999"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://rsync.samba.org/security.html#s3_0_0",
        "url": "http://rsync.samba.org/security.html#s3_0_0"
      },
      {
        "category": "external",
        "summary": "339971",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=339971"
      },
      {
        "category": "external",
        "summary": "407171",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=407171"
      },
      {
        "category": "external",
        "summary": "471182",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=471182"
      },
      {
        "category": "external",
        "summary": "530866",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530866"
      },
      {
        "category": "external",
        "summary": "575022",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=575022"
      },
      {
        "category": "external",
        "summary": "616093",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=616093"
      },
      {
        "category": "external",
        "summary": "690148",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=690148"
      },
      {
        "category": "external",
        "summary": "700450",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700450"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_0999.json"
      }
    ],
    "title": "Red Hat Security Advisory: rsync security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-22T04:16:12+00:00",
      "generator": {
        "date": "2024-11-22T04:16:12+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2011:0999",
      "initial_release_date": "2011-07-21T09:22:00+00:00",
      "revision_history": [
        {
          "date": "2011-07-21T09:22:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2011-07-21T06:48:19+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T04:16:12+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.src",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.src",
                  "product_id": "rsync-0:3.0.6-4.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.x86_64",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.x86_64",
                  "product_id": "rsync-0:3.0.6-4.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-debuginfo-0:3.0.6-4.el5.x86_64",
                "product": {
                  "name": "rsync-debuginfo-0:3.0.6-4.el5.x86_64",
                  "product_id": "rsync-debuginfo-0:3.0.6-4.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync-debuginfo@3.0.6-4.el5?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.i386",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.i386",
                  "product_id": "rsync-0:3.0.6-4.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-debuginfo-0:3.0.6-4.el5.i386",
                "product": {
                  "name": "rsync-debuginfo-0:3.0.6-4.el5.i386",
                  "product_id": "rsync-debuginfo-0:3.0.6-4.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync-debuginfo@3.0.6-4.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.ia64",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.ia64",
                  "product_id": "rsync-0:3.0.6-4.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-debuginfo-0:3.0.6-4.el5.ia64",
                "product": {
                  "name": "rsync-debuginfo-0:3.0.6-4.el5.ia64",
                  "product_id": "rsync-debuginfo-0:3.0.6-4.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync-debuginfo@3.0.6-4.el5?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.ppc",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.ppc",
                  "product_id": "rsync-0:3.0.6-4.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-debuginfo-0:3.0.6-4.el5.ppc",
                "product": {
                  "name": "rsync-debuginfo-0:3.0.6-4.el5.ppc",
                  "product_id": "rsync-debuginfo-0:3.0.6-4.el5.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync-debuginfo@3.0.6-4.el5?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-0:3.0.6-4.el5.s390x",
                "product": {
                  "name": "rsync-0:3.0.6-4.el5.s390x",
                  "product_id": "rsync-0:3.0.6-4.el5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync@3.0.6-4.el5?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rsync-debuginfo-0:3.0.6-4.el5.s390x",
                "product": {
                  "name": "rsync-debuginfo-0:3.0.6-4.el5.s390x",
                  "product_id": "rsync-debuginfo-0:3.0.6-4.el5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rsync-debuginfo@3.0.6-4.el5?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.i386"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.ia64"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.ppc"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.s390x"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.src"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-0:3.0.6-4.el5.x86_64"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-debuginfo-0:3.0.6-4.el5.i386"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-debuginfo-0:3.0.6-4.el5.ia64"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-debuginfo-0:3.0.6-4.el5.ppc"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-debuginfo-0:3.0.6-4.el5.s390x"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:rsync-debuginfo-0:3.0.6-4.el5.x86_64"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.i386"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.ia64"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.ppc"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.s390x"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.src"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-0:3.0.6-4.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-0:3.0.6-4.el5.x86_64"
        },
        "product_reference": "rsync-0:3.0.6-4.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-debuginfo-0:3.0.6-4.el5.i386"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-debuginfo-0:3.0.6-4.el5.ia64"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-debuginfo-0:3.0.6-4.el5.ppc"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-debuginfo-0:3.0.6-4.el5.s390x"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-debuginfo-0:3.0.6-4.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:rsync-debuginfo-0:3.0.6-4.el5.x86_64"
        },
        "product_reference": "rsync-debuginfo-0:3.0.6-4.el5.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-6200",
      "discovery_date": "2007-12-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "407171"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rsync excluded content access restrictions bypass via symlinks",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:rsync-0:3.0.6-4.el5.i386",
          "5Client:rsync-0:3.0.6-4.el5.ia64",
          "5Client:rsync-0:3.0.6-4.el5.ppc",
          "5Client:rsync-0:3.0.6-4.el5.s390x",
          "5Client:rsync-0:3.0.6-4.el5.src",
          "5Client:rsync-0:3.0.6-4.el5.x86_64",
          "5Client:rsync-debuginfo-0:3.0.6-4.el5.i386",
          "5Client:rsync-debuginfo-0:3.0.6-4.el5.ia64",
          "5Client:rsync-debuginfo-0:3.0.6-4.el5.ppc",
          "5Client:rsync-debuginfo-0:3.0.6-4.el5.s390x",
          "5Client:rsync-debuginfo-0:3.0.6-4.el5.x86_64",
          "5Server:rsync-0:3.0.6-4.el5.i386",
          "5Server:rsync-0:3.0.6-4.el5.ia64",
          "5Server:rsync-0:3.0.6-4.el5.ppc",
          "5Server:rsync-0:3.0.6-4.el5.s390x",
          "5Server:rsync-0:3.0.6-4.el5.src",
          "5Server:rsync-0:3.0.6-4.el5.x86_64",
          "5Server:rsync-debuginfo-0:3.0.6-4.el5.i386",
          "5Server:rsync-debuginfo-0:3.0.6-4.el5.ia64",
          "5Server:rsync-debuginfo-0:3.0.6-4.el5.ppc",
          "5Server:rsync-debuginfo-0:3.0.6-4.el5.s390x",
          "5Server:rsync-debuginfo-0:3.0.6-4.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6200"
        },
        {
          "category": "external",
          "summary": "RHBZ#407171",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=407171"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6200",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6200"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6200",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6200"
        }
      ],
      "release_date": "2007-11-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2011-07-21T09:22:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259",
          "product_ids": [
            "5Client:rsync-0:3.0.6-4.el5.i386",
            "5Client:rsync-0:3.0.6-4.el5.ia64",
            "5Client:rsync-0:3.0.6-4.el5.ppc",
            "5Client:rsync-0:3.0.6-4.el5.s390x",
            "5Client:rsync-0:3.0.6-4.el5.src",
            "5Client:rsync-0:3.0.6-4.el5.x86_64",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.i386",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.ia64",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.ppc",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.s390x",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.x86_64",
            "5Server:rsync-0:3.0.6-4.el5.i386",
            "5Server:rsync-0:3.0.6-4.el5.ia64",
            "5Server:rsync-0:3.0.6-4.el5.ppc",
            "5Server:rsync-0:3.0.6-4.el5.s390x",
            "5Server:rsync-0:3.0.6-4.el5.src",
            "5Server:rsync-0:3.0.6-4.el5.x86_64",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.i386",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.ia64",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.ppc",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.s390x",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2011:0999"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client:rsync-0:3.0.6-4.el5.i386",
            "5Client:rsync-0:3.0.6-4.el5.ia64",
            "5Client:rsync-0:3.0.6-4.el5.ppc",
            "5Client:rsync-0:3.0.6-4.el5.s390x",
            "5Client:rsync-0:3.0.6-4.el5.src",
            "5Client:rsync-0:3.0.6-4.el5.x86_64",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.i386",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.ia64",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.ppc",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.s390x",
            "5Client:rsync-debuginfo-0:3.0.6-4.el5.x86_64",
            "5Server:rsync-0:3.0.6-4.el5.i386",
            "5Server:rsync-0:3.0.6-4.el5.ia64",
            "5Server:rsync-0:3.0.6-4.el5.ppc",
            "5Server:rsync-0:3.0.6-4.el5.s390x",
            "5Server:rsync-0:3.0.6-4.el5.src",
            "5Server:rsync-0:3.0.6-4.el5.x86_64",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.i386",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.ia64",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.ppc",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.s390x",
            "5Server:rsync-debuginfo-0:3.0.6-4.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "rsync excluded content access restrictions bypass via symlinks"
    }
  ]
}

cve-2007-6200

Vulnerability from fkie_nvd

Published

2007-12-01 06:46

Modified

2024-11-21 00:39

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
cve@mitre.org	http://rsync.samba.org/security.html#s3_0_0	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27853
cve@mitre.org	http://secunia.com/advisories/27863	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28412
cve@mitre.org	http://secunia.com/advisories/28457
cve@mitre.org	http://secunia.com/advisories/31326
cve@mitre.org	http://securitytracker.com/id?1019012
cve@mitre.org	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257
cve@mitre.org	http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2011-0999.html
cve@mitre.org	http://www.securityfocus.com/archive/1/487991/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/26639
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4057
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2268
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://rsync.samba.org/security.html#s3_0_0	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27853
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27863	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28412
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28457
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31326
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019012
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-0999.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/487991/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26639
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4057
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2268

Impacted products

Vendor	Product	Version
slackware	slackware_linux	8.1
slackware	slackware_linux	9.0
slackware	slackware_linux	9.1
slackware	slackware_linux	10.0
slackware	slackware_linux	10.1
slackware	slackware_linux	10.2
slackware	slackware_linux	11.0
slackware	slackware_linux	12.0
rsync	rsync	2.3.1
rsync	rsync	2.3.2
rsync	rsync	2.3.2_1.2alpha
rsync	rsync	2.3.2_1.2arm
rsync	rsync	2.3.2_1.2intel
rsync	rsync	2.3.2_1.2m68k
rsync	rsync	2.3.2_1.2ppc
rsync	rsync	2.3.2_1.2sparc
rsync	rsync	2.3.2_1.3
rsync	rsync	2.4.0
rsync	rsync	2.4.1
rsync	rsync	2.4.3
rsync	rsync	2.4.4
rsync	rsync	2.4.5
rsync	rsync	2.4.6
rsync	rsync	2.4.8
rsync	rsync	2.5.0
rsync	rsync	2.5.1
rsync	rsync	2.5.2
rsync	rsync	2.5.3
rsync	rsync	2.5.4
rsync	rsync	2.5.5
rsync	rsync	2.5.6
rsync	rsync	2.5.7
rsync	rsync	2.6
rsync	rsync	2.6.1
rsync	rsync	2.6.2
rsync	rsync	2.6.5
rsync	rsync	2.6.6
rsync	rsync	2.6.7
rsync	rsync	2.6.8
rsync	rsync	2.6.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F41B40-75E6-45C8-A5FB-8464C0B2D064",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "300A6A65-05FD-401C-80F6-B5F5B1F056E0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B85EF0EE-3E61-4CA3-9F00-610AB2E1CFCF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "70440F49-AEE9-41BE-8E1A-43AB657C8E09",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74022B69-6557-4746-9080-24E4DDA44026",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2081CB54-130C-4A25-A2EE-42249DD6B3EB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "393F7E04-2288-45FE-8971-CC1BA036CA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60BF457A-B318-475D-950A-9D873C0C667C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CB9C4CB-09D9-4258-846D-D43C0E8E0CEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*",
              "matchCriteriaId": "52CA63EE-0911-44AE-9901-FE46FB659D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF678D2B-CD03-4A19-90B4-36448E55943E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*",
              "matchCriteriaId": "E454C988-08A3-4269-AC6A-2A975D288C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*",
              "matchCriteriaId": "12BB68EF-28DF-4326-84A3-C215005FD3D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*",
              "matchCriteriaId": "41DC890B-3D3D-41DB-8380-5C290B708350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C0E3499-E90D-40C6-B85A-6CC2312532C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C23042EA-1243-4786-8F76-CDB94E5B909B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F7C3A4-88F3-454F-9046-CA169FF12106",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "63756B36-3D03-4C2E-A1B6-AC45B045F94F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDF2B595-4AF1-471E-ADFD-FF8CB6F27EA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC820774-2B62-4B91-BC1A-EF6B81DD63C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4329E28A-F133-414B-98E5-F117C1B73711",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE1E7733-4A97-4817-8192-BDAA539AD2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEB2A38C-5971-4C38-A2A8-7B8FD44C3816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCD479A6-7E13-41FB-B6D9-4CBA1459083B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08AA818-CEF0-4EA8-BF6B-90A4F512E88C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE611E6-4959-4011-A57A-6774F28D58D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DEEFC01-69A5-4760-8052-FB8BA4B125F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A19ACD7B-B36E-42D7-B311-69CD4EF047F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AA7F4E9-1ED4-4D2F-A0A2-F8D861AD108C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9A038C-C0B8-416D-B103-5E66963065EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C1BB055-0489-42F7-9FC7-99EDDA7026DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "336FF990-61EE-4F6B-B4BC-D268DADD3D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "408FDC67-6862-4482-9DC4-E18AFFC3F7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "65282BE4-26FA-4E16-B1B1-1A4D82E7C6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "84537850-6D26-47D3-9888-810B8305BD3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD67864-2BED-42AD-985E-34058C07FEBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "382AFB02-339D-45BB-A60D-7C751F943762",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A205AF-8E75-4AD8-BE0F-EC6A9296D127",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en rsync, en versiones anteriores a la 3.0.0pre6, cuando se ejecuta un demonio rsync en modo lectura-escritura.  Permite que atacantes remotos  vulneren exclude, exclude_from, y filter, adem\u00e1s de poder leer y escribir archivos ocultos usando: (1) symlink, (2) partial-dir, (3) backup-dir, y (4) opciones dest sin especificar."
    }
  ],
  "id": "CVE-2007-6200",
  "lastModified": "2024-11-21T00:39:35.557",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-12-01T06:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rsync.samba.org/security.html#s3_0_0"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27853"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27863"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28457"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1019012"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26639"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4057"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rsync.samba.org/security.html#s3_0_0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27863"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1019012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-6200\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.",
      "lastModified": "2007-12-06T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2007-6200

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-6200

Aliases

CVE-2007-6200

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-6200",
    "description": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.",
    "id": "GSD-2007-6200",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-6200.html",
      "https://access.redhat.com/errata/RHSA-2011:0999",
      "https://linux.oracle.com/cve/CVE-2007-6200.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-6200"
      ],
      "details": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.",
      "id": "GSD-2007-6200",
      "modified": "2023-12-13T01:21:38.533038Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-6200",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "28412",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28412"
          },
          {
            "name": "ADV-2007-4057",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/4057"
          },
          {
            "name": "APPLE-SA-2008-07-31",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
          },
          {
            "name": "RHSA-2011:0999",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
          },
          {
            "name": "26639",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26639"
          },
          {
            "name": "ADV-2008-2268",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2268"
          },
          {
            "name": "27853",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27853"
          },
          {
            "name": "20080212 FLEA-2008-0004-1 rsync",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
          },
          {
            "name": "27863",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27863"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
          },
          {
            "name": "http://rsync.samba.org/security.html#s3_0_0",
            "refsource": "CONFIRM",
            "url": "http://rsync.samba.org/security.html#s3_0_0"
          },
          {
            "name": "28457",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28457"
          },
          {
            "name": "MDVSA-2008:011",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
          },
          {
            "name": "31326",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31326"
          },
          {
            "name": "1019012",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1019012"
          },
          {
            "name": "SUSE-SR:2008:001",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6200"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://rsync.samba.org/security.html#s3_0_0",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://rsync.samba.org/security.html#s3_0_0"
            },
            {
              "name": "26639",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26639"
            },
            {
              "name": "1019012",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1019012"
            },
            {
              "name": "27863",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27863"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
            },
            {
              "name": "27853",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27853"
            },
            {
              "name": "MDVSA-2008:011",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
            },
            {
              "name": "SUSE-SR:2008:001",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
            },
            {
              "name": "28412",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28412"
            },
            {
              "name": "28457",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28457"
            },
            {
              "name": "31326",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31326"
            },
            {
              "name": "APPLE-SA-2008-07-31",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
            },
            {
              "name": "ADV-2007-4057",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/4057"
            },
            {
              "name": "ADV-2008-2268",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2268"
            },
            {
              "name": "RHSA-2011:0999",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
            },
            {
              "name": "20080212 FLEA-2008-0004-1 rsync",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:50Z",
      "publishedDate": "2007-12-01T06:46Z"
    }
  }
}

ghsa-2w9v-97wx-v5mj

Vulnerability from github

Published

2022-05-01 18:40

Modified

2022-05-01 18:40

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-6200"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-12-01T06:46:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.",
  "id": "GHSA-2w9v-97wx-v5mj",
  "modified": "2022-05-01T18:40:27Z",
  "published": "2022-05-01T18:40:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6200"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://rsync.samba.org/security.html#s3_0_0"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27853"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27863"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28457"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1019012"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26639"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/4057"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2007-6200

Vulnerability from cvelistv5

rhsa-2011_0999

Vulnerability from csaf_redhat

rhsa-2011:0999

Vulnerability from csaf_redhat

RHSA-2011:0999

Vulnerability from csaf_redhat

cve-2007-6200

Vulnerability from fkie_nvd

gsd-2007-6200

Vulnerability from gsd

ghsa-2w9v-97wx-v5mj

Vulnerability from github

Tags

Sightings

Nomenclature