CVE-2004-0792 Information

Description

Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier when chroot is disabled allows attackers to read or write certain files.

Reference

http://marc.info/?l=bugtraq&m=109268147522290&w=2 http://marc.info/?l=bugtraq&m=109277141223839&w=2 http://samba.org/rsync/security_aug04 http://www.debian.org/security/2004/dsa-538 http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:083 http://www.novell.com/linux/security/advisories/2004_26_rsync.html http://www.trustix.net/errata/2004/0042/ https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10561