Vulnerability Name: CVE-2007-6200 (CCN-38815)
Assigned: 2007-11-28
Published: 2007-11-28
Updated: 2018-10-15

Summary: Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.

CVSS v3 Severity: 5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
  Exploitability Metrics: Attack Vector (AV): Local; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
  Scope (S): Unchanged
  Impact Metrics: Confidentiality (C): Low; Integrity (I): Low; Availability (A): None

CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
  7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
  Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete

CCN CVSS v2 Severity: 3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N)
  2.5 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
  Exploitability Metrics: Access Vector (AV): Local; Access Complexity (AC): Medium; Authentication (Au): None
  Impact Metrics: Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): None

REDHAT CVSS v2 Severity: 4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
  3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
  Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None
  Impact Metrics: Confidentiality (C): None; Integrity (I): Partial; Availability (A): None
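The summary above names the two things a daemon operator can check for this CVE: the rsync version (the fix shipped in 3.0.0pre6, with a patch for 2.6.9) and any writable rsyncd.conf module that relies on exclude, exclude from or filter rules to hide files. The following audit script is an added example and is not code from the rsync project or from this record. The rsyncd.conf parameter names (read only, use chroot, exclude, exclude from, filter) follow rsyncd.conf(5); the "munge symlinks" lookup is an assumption about a 3.0.0-era mitigation and is reported only for information, so treat the version comparison as the authoritative test. The embedded rsyncd.conf is constructed for the example.

```python
"""Audit an rsync daemon host for exposure to CVE-2007-6200 (added example).

Two checks, both taken from the CVE summary:
  1. is the installed rsync older than 3.0.0pre6?
  2. which writable modules depend on exclude / exclude from / filter rules,
     which an unpatched daemon lets a client bypass via symlinks,
     --partial-dir, --backup-dir or --*-dest?
"""
import re

FIXED_VERSION = (3, 0, 0, 6)   # 3.0.0pre6: first release carrying the daemon fix

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:pre(\d+))?")


def parse_rsync_version(version_output):
    """Turn the first line of `rsync --version` into a sortable tuple."""
    m = _VERSION_RE.search(version_output)
    if not m:
        raise ValueError("no rsync version found in: %r" % version_output)
    major, minor, patch, pre = m.groups()
    # A final release (no 'preN' suffix) sorts after every pre-release of that number.
    pre_key = int(pre) if pre is not None else float("inf")
    return (int(major), int(minor), int(patch), pre_key)


def is_vulnerable_version(version_output):
    return parse_rsync_version(version_output) < FIXED_VERSION


def _truthy(value):
    # rsyncd.conf booleans: yes/true/1 versus no/false/0
    return str(value).strip().lower() in ("yes", "true", "1")


def parse_rsyncd_conf(text):
    """Minimal rsyncd.conf reader: global parameters, then [module] sections.
    Handles '#'/';' comment lines and 'key = value'; backslash line
    continuations are deliberately not supported here."""
    global_params, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            modules[current] = {}
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        target = modules[current] if current is not None else global_params
        target[key.strip().lower()] = value.strip()
    return global_params, modules


RESTRICTION_KEYS = ("exclude", "exclude from", "filter")


def audit_rsyncd_conf(text):
    """One finding per writable module whose hidden files are protected only
    by filter rules. Read-only modules and modules without rules are skipped:
    there is nothing to bypass."""
    global_params, modules = parse_rsyncd_conf(text)
    findings = []
    for name, params in modules.items():
        effective = {**global_params, **params}        # module values override globals
        writable = not _truthy(effective.get("read only", "yes"))   # default: read only = yes
        rules = [k for k in RESTRICTION_KEYS if k in effective]
        if writable and rules:
            findings.append({
                "module": name,
                "rules": rules,
                "use chroot": _truthy(effective.get("use chroot", "yes")),  # default: yes
                "munge symlinks": effective.get("munge symlinks"),          # assumption: 3.0.0+ parameter
            })
    return findings


# Constructed sample configuration for the example; not from any real host.
SAMPLE_CONF = """\
use chroot = yes

[pub]
    path = /srv/pub
    read only = yes
    exclude = .secret/

[upload]
    path = /srv/upload
    read only = no
    use chroot = no
    exclude = .htpasswd
    filter = - .keys/

[scratch]
    path = /srv/scratch
    read only = no
"""

if __name__ == "__main__":
    import subprocess
    try:
        out = subprocess.run(["rsync", "--version"], capture_output=True, text=True).stdout
        print("installed rsync vulnerable by version:", is_vulnerable_version(out))
    except (FileNotFoundError, ValueError):
        print("rsync not installed here; skipping the version check")
    for f in audit_rsyncd_conf(SAMPLE_CONF):
        print("module %(module)s: writable, relies on %(rules)s, use chroot=%(use chroot)s" % f)
```

Run against a real host, point `audit_rsyncd_conf` at the contents of /etc/rsyncd.conf; a module such as `upload` above, writable with filter rules and chroot disabled, is exactly the configuration the summary describes, and the remedy is to upgrade past 3.0.0pre6 rather than to add more rules.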
Vulnerability Type: CWE-264
Vulnerability Consequences: Bypass Security

References:
  Source: MITRE; Type: CNA; Reference: CVE-2007-6200
  Source: APPLE; Type: UNKNOWN; Reference: APPLE-SA-2008-07-31
  Source: SUSE; Type: UNKNOWN; Reference: SUSE-SR:2008:001
  Source: CCN; Type: RHSA-2011-0999; Reference: Moderate: rsync security, bug fix, and enhancement update
  Source: CCN; Type: rsync Web site; Reference: Daemon security fix in 3.0.0pre6 (with a patch for 2.6.9) + one more advisory
  Source: CONFIRM; Type: Vendor Advisory; Reference: http://rsync.samba.org/security.html#s3_0_0
  Source: SECUNIA; Type: UNKNOWN; Reference: 27853
  Source: CCN; Type: SA27863; Reference: rsync Two Security Bypass Vulnerabilities
  Source: SECUNIA; Type: Patch, Vendor Advisory; Reference: 27863
  Source: SECUNIA; Type: UNKNOWN; Reference: 28412
  Source: SECUNIA; Type: UNKNOWN; Reference: 28457
  Source: CCN; Type: SA31326; Reference: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
  Source: SECUNIA; Type: UNKNOWN; Reference: 31326
  Source: CCN; Type: SECTRACK ID: 1019012; Reference: Rsync Bugs Let Users Bypass Chroot and Exclude/Filter Access Controls
  Source: SECTRACK; Type: UNKNOWN; Reference: 1019012
  Source: CCN; Type: Apple Web site; Reference: About Security Update 2008-005
  Source: CONFIRM; Type: UNKNOWN; Reference: http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257
  Source: MANDRIVA; Type: UNKNOWN; Reference: MDVSA-2008:011
  Source: CCN; Type: OSVDB ID: 39593; Reference: rsync Unspecified Remote Restriction Bypass
  Source: REDHAT; Type: UNKNOWN; Reference: RHSA-2011:0999
  Source: BUGTRAQ; Type: UNKNOWN; Reference: 20080212 FLEA-2008-0004-1 rsync
  Source: BID; Type: UNKNOWN; Reference: 26639
  Source: CCN; Type: BID-26639; Reference: Rsync Daemon Excludes Multiple File Access Vulnerabilities
  Source: VUPEN; Type: UNKNOWN; Reference: ADV-2007-4057
  Source: VUPEN; Type: UNKNOWN; Reference: ADV-2008-2268
  Source: XF; Type: UNKNOWN; Reference: rsync-rsyncd-security-bypass(38815)
  Source: SUSE; Type: SUSE-SR:2008:001; Reference: SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1: any one of the following operating systems
  cpe:/o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*
  cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
  cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
  cpe:/o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*
  cpe:/o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*
  cpe:/o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*
  cpe:/o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*
  cpe:/o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*
AND any one of the following rsync versions
  cpe:/a:rsync:rsync:2.3.1:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.3.2:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.4.0:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.4.1:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.4.3:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.4.4:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.4.5:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.4.6:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.4.8:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.5.0:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.5.1:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.5.2:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.5.3:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.5.4:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.5.5:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.5.6:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.5.7:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.6:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.6.1:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.6.2:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.6.5:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.6.6:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.6.7:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.6.8:*:*:*:*:*:*:*
  cpe:/a:rsync:rsync:2.6.9:*:*:*:*:*:*:*

Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Configuration RedHat 2: cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
Configuration RedHat 3: cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Vulnerable components (vendor, product, version):
slackware slackware linux 8.1
slackware slackware linux 9.0
slackware slackware linux 9.1
slackware slackware linux 10.0
slackware slackware linux 10.1
slackware slackware linux 10.2
slackware slackware linux 11.0
slackware slackware linux 12.0
rsync rsync 2.3.1
rsync rsync 2.3.2
rsync rsync 2.3.2_1.2alpha
rsync rsync 2.3.2_1.2arm
rsync rsync 2.3.2_1.2intel
rsync rsync 2.3.2_1.2m68k
rsync rsync 2.3.2_1.2ppc
rsync rsync 2.3.2_1.2sparc
rsync rsync 2.3.2_1.3
rsync rsync 2.4.0
rsync rsync 2.4.1
rsync rsync 2.4.3
rsync rsync 2.4.4
rsync rsync 2.4.5
rsync rsync 2.4.6
rsync rsync 2.4.8
rsync rsync 2.5.0
rsync rsync 2.5.1
rsync rsync 2.5.2
rsync rsync 2.5.3
rsync rsync 2.5.4
rsync rsync 2.5.5
rsync rsync 2.5.6
rsync rsync 2.5.7
rsync rsync 2.6
rsync rsync 2.6.1
rsync rsync 2.6.2
rsync rsync 2.6.5
rsync rsync 2.6.6
rsync rsync 2.6.7
rsync rsync 2.6.8
rsync rsync 2.6.9