Vulnerability Name:

CVE-2004-0792 (CCN-16975)

Assigned:2004-08-12
Published:2004-08-12
Updated:2017-10-11
Summary:Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2004-0792

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:881
Fix for path sanitation vulnerabilities

Source: BUGTRAQ
Type: UNKNOWN
20040816 TSSA-2004-020-ES - rsync

Source: BUGTRAQ
Type: UNKNOWN
20040817 LNSA-#2004-0017: rsync (Aug, 17 2004)

Source: CCN
Type: RHSA-2004-436
rsync security update

Source: CCN
Type: rysnc Web site
Welcome to the rsync web pages

Source: CONFIRM
Type: UNKNOWN
http://samba.org/rsync/#security_aug04

Source: CCN
Type: slackware-security Mailing List, Tue, 12 Oct 2004 00:33:34 -0700 (PDT)
[slackware-security] rsync (SSA:2004-285-01)

Source: CCN
Type: CIAC Information Bulletin 0-198
Rsync Unsanitized Input Processing

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-538

Source: DEBIAN
Type: DSA-538
rsync -- unsanitised input processing

Source: CCN
Type: GLSA-200408-17
rsync: Potential information leakage

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200408-17

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:083

Source: SUSE
Type: UNKNOWN
SUSE-SA:2004:026

Source: CCN
Type: OpenPKG-SA-2004.037
Rsync

Source: CCN
Type: BID-10938
Rsync Sanitize_path Function Module Path Escaping Vulnerability

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0042
path sanitizing issue

Source: TRUSTIX
Type: UNKNOWN
2004-0042

Source: CCN
Type: TLSA-2004-20
path-sanitizing bug

Source: XF
Type: UNKNOWN
rsync-sanitizepath-file-overwrite(16975)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10561

Source: SUSE
Type: SUSE-SA:2004:026
rsync: remote system compromise

Vulnerable Configuration:Configuration 1:
  • cpe:/a:andrew_tridgell:rsync:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.3.2_1.2:*:alpha:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.3.2_1.2:*:arm:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.3.2_1.2:*:intel:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.3.2_1.2:*:m68k:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.3.2_1.2:*:ppc:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.3.2_1.2:*:sparc:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.3.2_1.3:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.4.8:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.6:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:andrew_tridgell:rsync:2.6.2:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20040792
    V
    		CVE-2004-0792
    2015-11-16
    oval:org.mitre.oval:def:10561
    V
    		Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.
    2013-04-29
    oval:com.redhat.rhsa:def:20040436
    P
    		RHSA-2004:436: rsync security update (Moderate)
    2004-09-01
    oval:org.debian:def:538
    V
    		unsanitised input processing
    2004-08-17
    BACK
    andrew_tridgell rsync 2.3.1
    andrew_tridgell rsync 2.3.2
    andrew_tridgell rsync 2.3.2_1.2
    andrew_tridgell rsync 2.3.2_1.2
    andrew_tridgell rsync 2.3.2_1.2
    andrew_tridgell rsync 2.3.2_1.2
    andrew_tridgell rsync 2.3.2_1.2
    andrew_tridgell rsync 2.3.2_1.2
    andrew_tridgell rsync 2.3.2_1.3
    andrew_tridgell rsync 2.4.0
    andrew_tridgell rsync 2.4.1
    andrew_tridgell rsync 2.4.3
    andrew_tridgell rsync 2.4.4
    andrew_tridgell rsync 2.4.5
    andrew_tridgell rsync 2.4.6
    andrew_tridgell rsync 2.4.8
    andrew_tridgell rsync 2.5.0
    andrew_tridgell rsync 2.5.1
    andrew_tridgell rsync 2.5.2
    andrew_tridgell rsync 2.5.3
    andrew_tridgell rsync 2.5.4
    andrew_tridgell rsync 2.5.5
    andrew_tridgell rsync 2.5.6
    andrew_tridgell rsync 2.5.7
    andrew_tridgell rsync 2.6
    andrew_tridgell rsync 2.6.1
    andrew_tridgell rsync 2.6.2