Test Kennung:	1.3.6.1.4.1.25623.1.0.14223
Kategorie:	Gain a shell remotely
Titel:	rsync path sanitation vulnerability
Zusammenfassung:	A vulnerability has been reported in rsync, which potentially can be exploited; by malicious users to read or write arbitrary files on a vulnerable system.
Beschreibung:	Summary: A vulnerability has been reported in rsync, which potentially can be exploited by malicious users to read or write arbitrary files on a vulnerable system. Vulnerability Insight: An attacker, exploiting this flaw, would need network access to the TCP port. Successful exploitation requires that the rsync daemon is *not* running chrooted. Vulnerability Impact: There is a flaw in this version of rsync which, due to an input validation error, would allow a remote attacker to gain access to the remote system. Solution: Upgrade to rsync 2.6.3 or newer. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Querverweis:	BugTraq ID: 10938 Common Vulnerability Exposure (CVE) ID: CVE-2004-0792 Bugtraq: 20040816 TSSA-2004-020-ES - rsync (Google Search) http://marc.info/?l=bugtraq&m=109268147522290&w=2 Bugtraq: 20040817 LNSA-#2004-0017: rsync (Aug, 17 2004) (Google Search) http://marc.info/?l=bugtraq&m=109277141223839&w=2 Debian Security Information: DSA-538 (Google Search) http://www.debian.org/security/2004/dsa-538 http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10561 SuSE Security Announcement: SUSE-SA:2004:026 (Google Search) http://www.novell.com/linux/security/advisories/2004_26_rsync.html http://www.trustix.net/errata/2004/0042/
Copyright	Copyright (C) 2004 David Maciejak

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.