CVE-2004-0426 Information

Description

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot which allows remote attackers to write files outside of the module’s path.

Reference

http://marc.info/?l=bugtraq&m=108515912212018&w=2 http://rsync.samba.org/ http://secunia.com/advisories/11514 http://secunia.com/advisories/11515 http://secunia.com/advisories/11523 http://secunia.com/advisories/11537 http://secunia.com/advisories/11583 http://secunia.com/advisories/11669 http://secunia.com/advisories/11688 http://secunia.com/advisories/11993 http://secunia.com/advisories/12054 http://www.ciac.org/ciac/bulletins/o-134.shtml http://www.ciac.org/ciac/bulletins/o-212.shtml http://www.debian.org/security/2004/dsa-499 http://www.gentoo.org/security/en/glsa/glsa-200407-10.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:042 http://www.redhat.com/support/errata/RHSA-2004-192.html http://www.securityfocus.com/bid/10247 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.403462 http://www.trustix.net/errata/misc/2004/TSL-2004-0024-rsync.asc.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/16014 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9495 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A967