Gentoo Security Advisory GLSA 200408-17 (rsync) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200408-17.

Solution

All users should update to the latest version of the rsync package. # emerge sync # emerge -pv '>=net-misc/rsync-2.6.0-r3' # emerge '>=net-misc/rsync-2.6.0-r3' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200408-17 http://bugs.gentoo.org/show_bug.cgi?id=60309 http://samba.org/rsync/#security_aug04 http://lists.samba.org/archive/rsync-announce/2004/000017.html

Insight

rsync fails to properly sanitize paths. This vulnerability could allow the listing of arbitrary files and allow file overwriting outside module's path on rsync server configurations that allow uploading.

Severity

Classification

CVE CVE-2004-0792
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200406-08 (Squirrelmail)
Gentoo Security Advisory GLSA 200411-25 (SquirrelMail)
Gentoo Security Advisory GLSA 200405-18 (firebird)
Gentoo Security Advisory GLSA 200404-01 (Portage)
Gentoo Security Advisory GLSA 200405-01 (neon)

Take action and discover your vulnerabilities