FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0426

This CVE name corresponds to:

Entered     Topic
2004-05-02  rsync path traversal issue

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2004-0426
Phase  Assigned (20040429)

Description

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.

References

Source     Reference
CONFIRM    http://rsync.samba.org/
DEBIAN     DSA-499
GENTOO     GLSA-200407-10
MANDRAKE   MDKSA-2004:042
REDHAT     RHSA-2004:192
SLACKWARE  SSA:2004-124-01
TRUSTIX    TSL-2004-0024
BUGTRAQ    20040521 [OpenPKG-SA-2004.025] OpenPKG Security Advisory (rsync)
CIAC       O-134
CIAC       O-212
BID        10247
OVAL       oval:org.mitre.oval:def:9495
SECUNIA    11514
SECUNIA    11515
SECUNIA    11523
SECUNIA    11537
SECUNIA    11583
SECUNIA    11669
SECUNIA    11688
SECUNIA    11993
SECUNIA    12054
OVAL       oval:org.mitre.oval:def:967
XF         rsync-write-files(16014)