The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| andrew_tridgell | rsync | * |
Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| andrew_tridgell | rsync | 2.4.6 |
| andrew_tridgell | rsync | 2.3.2 |
| andrew_tridgell | rsync | 2.4.3 |
| andrew_tridgell | rsync | 2.4.4 |
| andrew_tridgell | rsync | 2.5.1 |
| andrew_tridgell | rsync | 2.3.2_1.2 |
| andrew_tridgell | rsync | 2.5.0_1 |
| andrew_tridgell | rsync | 2.3.1 |
| andrew_tridgell | rsync | 2.4.1 |
Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | rsync | 2.4.6-5 |
| andrew_tridgell | rsync | 2.5.2 |
| slackware | slackware_linux | 9.0 |
| andrew_tridgell | rsync | 2.4.0 |
| andrew_tridgell | rsync | 2.4.1 |
| andrew_tridgell | rsync | 2.5.0 |
| andrew_tridgell | rsync | 2.5.6 |
| andrew_tridgell | rsync | 2.4.8 |
| redhat | rsync | 2.5.5-1 |
| andrew_tridgell | rsync | 2.4.3 |
| engardelinux | secure_linux | 1.2 |
| slackware | slackware_linux | current |
| slackware | slackware_linux | 8.1 |
| engardelinux | secure_community | 2.0 |
| andrew_tridgell | rsync | 2.4.6 |
| andrew_tridgell | rsync | 2.4.5 |
| andrew_tridgell | rsync | 2.5.4 |
| engardelinux | secure_community | 1.0.1 |
| andrew_tridgell | rsync | 2.5.3 |
| redhat | rsync | 2.4.6-2 |
| andrew_tridgell | rsync | 2.3.1 |
| redhat | rsync | 2.5.5-4 |
| slackware | slackware_linux | 9.1 |
| andrew_tridgell | rsync | 2.3.2 |
| andrew_tridgell | rsync | 2.4.4 |
| engardelinux | secure_linux | 1.1 |
| andrew_tridgell | rsync | 2.5.1 |
| andrew_tridgell | rsync | 2.5.5 |
| engardelinux | secure_linux | 1.5 |
| redhat | rsync | 2.5.4-2 |
rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| andrew_tridgell | rsync | * |
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| andrew_tridgell | rsync | 2.4.6 |
| andrew_tridgell | rsync | 2.4.5 |
| andrew_tridgell | rsync | 2.5.4 |
| andrew_tridgell | rsync | 2.6.2 |
| andrew_tridgell | rsync | 2.5.2 |
| andrew_tridgell | rsync | 2.5.3 |
| andrew_tridgell | rsync | 2.5.7 |
| andrew_tridgell | rsync | 2.3.2_1.2 |
| andrew_tridgell | rsync | 2.6.1 |
| andrew_tridgell | rsync | 2.4.0 |
| andrew_tridgell | rsync | 2.3.1 |
| andrew_tridgell | rsync | 2.4.1 |
| andrew_tridgell | rsync | 2.5.0 |
| andrew_tridgell | rsync | 2.5.6 |
| andrew_tridgell | rsync | 2.4.8 |
| andrew_tridgell | rsync | 2.3.2 |
| andrew_tridgell | rsync | 2.6 |
| andrew_tridgell | rsync | 2.4.3 |
| andrew_tridgell | rsync | 2.4.4 |
| andrew_tridgell | rsync | 2.5.1 |
| andrew_tridgell | rsync | 2.5.5 |
| andrew_tridgell | rsync | 2.3.2_1.3 |
Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| andrew_tridgell | rsync | 2.6.2 |
| andrew_tridgell | rsync | 2.6.0 |
| andrew_tridgell | rsync | 2.6.3 |
| andrew_tridgell | rsync | 2.6.4 |
| andrew_tridgell | rsync | 2.6.6 |
| andrew_tridgell | rsync | 2.6.1 |
| andrew_tridgell | rsync | 2.6.7 |
| andrew_tridgell | rsync | 2.6.5 |