fkie_cve-2007-6199
Vulnerability from fkie_nvd
Published
2007-12-01 06:46
Modified
2025-04-09 00:30
Severity ?
Summary
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
References
cve@mitre.orghttp://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
cve@mitre.orghttp://rsync.samba.org/security.html#s3_0_0
cve@mitre.orghttp://secunia.com/advisories/27853
cve@mitre.orghttp://secunia.com/advisories/27863Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28412
cve@mitre.orghttp://secunia.com/advisories/28457
cve@mitre.orghttp://secunia.com/advisories/31326
cve@mitre.orghttp://secunia.com/advisories/61005
cve@mitre.orghttp://securitytracker.com/id?1019012
cve@mitre.orghttp://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html
cve@mitre.orghttp://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257
cve@mitre.orghttp://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011
cve@mitre.orghttp://www.securityfocus.com/archive/1/487991/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/26638Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/4057
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2268
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://rsync.samba.org/security.html#s3_0_0
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27853
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27863Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28412
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28457
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31326
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61005
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1019012
af854a3a-2127-422b-91ae-364da2661108http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/487991/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26638Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/4057
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2268
Impacted products
Vendor Product Version
slackware slackware_linux 8.1
slackware slackware_linux 9.0
slackware slackware_linux 9.1
slackware slackware_linux 10.0
slackware slackware_linux 10.1
slackware slackware_linux 10.2
slackware slackware_linux 11.0
slackware slackware_linux 12.0
rsync rsync 2.3.1
rsync rsync 2.3.2
rsync rsync 2.3.2_1.2alpha
rsync rsync 2.3.2_1.2arm
rsync rsync 2.3.2_1.2intel
rsync rsync 2.3.2_1.2m68k
rsync rsync 2.3.2_1.2ppc
rsync rsync 2.3.2_1.2sparc
rsync rsync 2.3.2_1.3
rsync rsync 2.4.0
rsync rsync 2.4.1
rsync rsync 2.4.3
rsync rsync 2.4.4
rsync rsync 2.4.5
rsync rsync 2.4.6
rsync rsync 2.4.8
rsync rsync 2.5.0
rsync rsync 2.5.1
rsync rsync 2.5.2
rsync rsync 2.5.3
rsync rsync 2.5.4
rsync rsync 2.5.5
rsync rsync 2.5.6
rsync rsync 2.5.7
rsync rsync 2.6
rsync rsync 2.6.1
rsync rsync 2.6.2
rsync rsync 2.6.5
rsync rsync 2.6.6
rsync rsync 2.6.7
rsync rsync 2.6.8
rsync rsync 2.6.9



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F41B40-75E6-45C8-A5FB-8464C0B2D064",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "300A6A65-05FD-401C-80F6-B5F5B1F056E0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B85EF0EE-3E61-4CA3-9F00-610AB2E1CFCF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "70440F49-AEE9-41BE-8E1A-43AB657C8E09",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74022B69-6557-4746-9080-24E4DDA44026",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2081CB54-130C-4A25-A2EE-42249DD6B3EB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "393F7E04-2288-45FE-8971-CC1BA036CA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60BF457A-B318-475D-950A-9D873C0C667C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CB9C4CB-09D9-4258-846D-D43C0E8E0CEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*",
              "matchCriteriaId": "52CA63EE-0911-44AE-9901-FE46FB659D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF678D2B-CD03-4A19-90B4-36448E55943E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*",
              "matchCriteriaId": "E454C988-08A3-4269-AC6A-2A975D288C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*",
              "matchCriteriaId": "12BB68EF-28DF-4326-84A3-C215005FD3D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*",
              "matchCriteriaId": "41DC890B-3D3D-41DB-8380-5C290B708350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C0E3499-E90D-40C6-B85A-6CC2312532C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C23042EA-1243-4786-8F76-CDB94E5B909B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F7C3A4-88F3-454F-9046-CA169FF12106",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "63756B36-3D03-4C2E-A1B6-AC45B045F94F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDF2B595-4AF1-471E-ADFD-FF8CB6F27EA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC820774-2B62-4B91-BC1A-EF6B81DD63C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4329E28A-F133-414B-98E5-F117C1B73711",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE1E7733-4A97-4817-8192-BDAA539AD2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEB2A38C-5971-4C38-A2A8-7B8FD44C3816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCD479A6-7E13-41FB-B6D9-4CBA1459083B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08AA818-CEF0-4EA8-BF6B-90A4F512E88C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE611E6-4959-4011-A57A-6774F28D58D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DEEFC01-69A5-4760-8052-FB8BA4B125F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A19ACD7B-B36E-42D7-B311-69CD4EF047F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AA7F4E9-1ED4-4D2F-A0A2-F8D861AD108C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9A038C-C0B8-416D-B103-5E66963065EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C1BB055-0489-42F7-9FC7-99EDDA7026DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "336FF990-61EE-4F6B-B4BC-D268DADD3D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "408FDC67-6862-4482-9DC4-E18AFFC3F7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "65282BE4-26FA-4E16-B1B1-1A4D82E7C6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "84537850-6D26-47D3-9888-810B8305BD3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD67864-2BED-42AD-985E-34058C07FEBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "382AFB02-339D-45BB-A60D-7C751F943762",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A205AF-8E75-4AD8-BE0F-EC6A9296D127",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
    },
    {
      "lang": "es",
      "value": "rsync, en versiones anteriores a la 3.0.0pre6. Cuando se ejecuta un demonio rsync en modo lectura-escritura que no use chroot, se permite as\u00ed que atacantes remotos  accedan a ficheros de acceso restringido, usando vectores desconocidos que provocan que rsync cree un enlace simb\u00f3lico que apunta fuera de la jerarqu\u00eda de ficheros del m\u00f3dulo."
    }
  ],
  "id": "CVE-2007-6199",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-12-01T06:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rsync.samba.org/security.html#s3_0_0"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27853"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27863"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28457"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/61005"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1019012"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26638"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4057"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rsync.samba.org/security.html#s3_0_0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27863"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1019012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26638"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat does not consider this to be a security issue. Versions of rsync as shipped with Red Hat Enterprise Linux 2.1, 3, 4 and 5 behave as expected and that behavior was well documented.",
      "lastModified": "2007-12-06T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…