fkie_cve-2004-0792
Vulnerability from fkie_nvd
Published
2004-10-20 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| andrew_tridgell | rsync | 2.3.1 | |
| andrew_tridgell | rsync | 2.3.2 | |
| andrew_tridgell | rsync | 2.3.2_1.2 | |
| andrew_tridgell | rsync | 2.3.2_1.2 | |
| andrew_tridgell | rsync | 2.3.2_1.2 | |
| andrew_tridgell | rsync | 2.3.2_1.2 | |
| andrew_tridgell | rsync | 2.3.2_1.2 | |
| andrew_tridgell | rsync | 2.3.2_1.2 | |
| andrew_tridgell | rsync | 2.3.2_1.3 | |
| andrew_tridgell | rsync | 2.4.0 | |
| andrew_tridgell | rsync | 2.4.1 | |
| andrew_tridgell | rsync | 2.4.3 | |
| andrew_tridgell | rsync | 2.4.4 | |
| andrew_tridgell | rsync | 2.4.5 | |
| andrew_tridgell | rsync | 2.4.6 | |
| andrew_tridgell | rsync | 2.4.8 | |
| andrew_tridgell | rsync | 2.5.0 | |
| andrew_tridgell | rsync | 2.5.1 | |
| andrew_tridgell | rsync | 2.5.2 | |
| andrew_tridgell | rsync | 2.5.3 | |
| andrew_tridgell | rsync | 2.5.4 | |
| andrew_tridgell | rsync | 2.5.5 | |
| andrew_tridgell | rsync | 2.5.6 | |
| andrew_tridgell | rsync | 2.5.7 | |
| andrew_tridgell | rsync | 2.6 | |
| andrew_tridgell | rsync | 2.6.1 | |
| andrew_tridgell | rsync | 2.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "138253E8-6342-4A88-89E6-B579782BC273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06A95770-7838-4D26-98BD-F3C0A264C431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:alpha:*:*:*:*:*",
"matchCriteriaId": "C698EF8A-7EAE-4F23-87FD-57D143759BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:arm:*:*:*:*:*",
"matchCriteriaId": "10E06CAF-D555-46E4-A39B-D1C230E34CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:intel:*:*:*:*:*",
"matchCriteriaId": "CE361EF1-4FC5-4E0B-AC04-F7D46CBC46F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:m68k:*:*:*:*:*",
"matchCriteriaId": "542C7579-F7FE-4D66-9C39-4C89B502614F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:ppc:*:*:*:*:*",
"matchCriteriaId": "A08984C1-C94B-44E7-BF5A-2C4FB74A448E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:sparc:*:*:*:*:*",
"matchCriteriaId": "A289538D-27D6-430B-ABE4-A2D332491313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5183D1-CBB7-4E91-94A5-9761666A16AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26EB2DBC-F71C-4D86-9436-FA06B7244F1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41681E68-E4D3-4466-8BAF-12F38D670C73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9C472D33-56FC-4939-A800-00C319D44D45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D57C7AF3-A648-44E3-9ABF-D546B34BDC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "38450ED2-6642-4ADB-ACBC-702588904B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FC163657-8FD5-4578-8452-49ABAA1121D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DAFB0E34-5886-454E-9680-640F8FE6A4B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA756243-887B-42FD-9A68-2D54CE44AA0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "502E8AC0-7293-41A0-BA17-873DEE5133DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55E84BFA-DAF8-4842-8542-E244FE16CBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DC02AD4-07B4-4A35-BB74-7228A1CDABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "33B1ECCC-AAF1-4A3A-BDFA-7955E1AA3683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC4726E9-246B-4C6F-8253-0F09886749A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "59CAA1CD-09D5-40CC-9A27-738B4028BF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A9391534-2F3A-4926-89DD-561FCCFA1743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE53D10-4467-4EAE-845F-F527357C0A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D107BB3-7DC7-4138-BE5F-A8B239427DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F902BF6-CC1F-4544-A2FF-839A71C23EB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files."
},
{
"lang": "es",
"value": "Vulnerabilidad de atravesamiento de directorios en la funci\u00f3n sanitize_path en util.c de rsync 2.6.2 y anteriores, cuando chroot est\u00e1 desactivado, permite a atacantes leer o escribir ciertos ficheros."
}
],
"id": "CVE-2004-0792",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-10-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109268147522290\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109277141223839\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://samba.org/rsync/#security_aug04"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-538"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:083"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2004_26_rsync.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.net/errata/2004/0042/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109268147522290\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109277141223839\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://samba.org/rsync/#security_aug04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2004_26_rsync.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.net/errata/2004/0042/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10561"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…