Rapid7 Vulnerability & Exploit Database

CESA-2004:436: rsync security update


Severity: 6
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 10/20/2004
Created: 07/25/2018
Added: 03/12/2010
Modified: 07/04/2017

Description

An updated rsync package that fixes a path sanitizing bug is now available.

The rsync program synchronizes files over a network. Versions of rsync up to and including version 2.6.2 contain a path sanitization issue. This issue could allow an attacker to read or write files outside of the rsync directory. This vulnerability is only exploitable when an rsync server is enabled and is not running within a chroot. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0792 to this issue. Users of rsync are advised to upgrade to this updated package, which contains a backported patch and is not affected by this issue.
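The chroot condition in the description can be checked against a host's daemon configuration. The following is an added example, not code from Rapid7 or the rsync project: it reports the rsyncd.conf modules whose effective `use chroot` setting is off. The function name, the sample configuration, and the default of chroot enabled when the parameter is absent are assumptions of this example.

```python
# Added example: list rsyncd.conf modules that run without chroot.
FALSE_VALUES = {"no", "false", "0"}

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
# constructed sample
uid = nobody
use chroot = yes

[pub]
path = /srv/pub
read only = yes

[upload]
path = /srv/upload
Use Chroot = no
"""

def modules_without_chroot(conf_text, default_chroot=True):
    """Return sorted module names whose effective 'use chroot' is off.

    default_chroot is an assumption about the daemon's behaviour when the
    parameter is absent; set it to match the rsync build being audited.
    """
    global_chroot = default_chroot
    modules = {}      # module name -> effective 'use chroot'
    current = None    # None while reading global parameters
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            # Newer rsync accepts [global] to return to global parameters.
            current = None if name.lower() == "global" else name
            if current is not None:
                modules[current] = global_chroot
            continue
        key, sep, value = line.partition("=")
        # Whitespace inside parameter names is irrelevant to rsyncd;
        # case is also folded here before comparing.
        if not sep or "".join(key.split()).lower() != "usechroot":
            continue
        enabled = value.strip().lower() not in FALSE_VALUES
        if current is None:
            global_chroot = enabled
        else:
            modules[current] = enabled
    return sorted(m for m, chroot in modules.items() if not chroot)

if __name__ == "__main__":
    print(modules_without_chroot(SAMPLE_CONF))
```

Because the fixed package carries a backported patch, the package version string alone does not show whether a host is patched; a module reported here is one to check against the installed update.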

Solution(s)

  • centos-upgrade-rsync
