Summary
The remote host is missing updates announced in advisory GLSA 200408-17.
Solution
All users should update to the latest version of the rsync package.
# emerge sync
# emerge -pv '>=net-misc/rsync-2.6.0-r3'
# emerge '>=net-misc/rsync-2.6.0-r3'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200408-17
http://bugs.gentoo.org/show_bug.cgi?id=60309
http://samba.org/rsync/#security_aug04
http://lists.samba.org/archive/rsync-announce/2004/000017.html
Insight
rsync fails to properly sanitize paths. This vulnerability could allow the listing of arbitrary files and allow file overwriting outside a module's path on rsync server configurations that allow uploading.
Severity
Classification
CVE: CVE-2004-0792
CVSS Base Score: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Related Vulnerabilities