FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rsync -- path sanitizing vulnerability

Affected packages
rsync < 2.6.2_2

Details

VuXML ID 2689f4cb-ec4c-11d8-9440-000347a4fa7d
Discovery 2004-08-12
Entry 2004-08-26

An rsync security advisory reports:

There is a path-sanitizing bug that affects daemon mode in all recent rsync versions (including 2.6.2) but only if chroot is disabled.

The bug may allow a remote user to access files outside of an rsync module's configured path with the privileges configured for that module.
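A defender-side check for the condition the advisory names (daemon mode with chroot disabled), added here as an example that is not part of the rsync advisory or the VuXML entry: it lists the modules in an rsyncd.conf whose effective `use chroot` setting is off. The sample config, its module names and the function name `modules_without_chroot` are constructed for illustration, and chroot is assumed to be on when the file does not disable it.

```python
import re

# Constructed sample rsyncd.conf (not from the advisory or any real host).
SAMPLE_CONF = """\
# global section: applies to every module that does not override it
use chroot = no

[pub]
    path = /srv/pub

[backup]
    path = /srv/backup
    use chroot = yes

[www]
    path = /srv/www
    Use  Chroot = false
"""

BOOL = {"yes": True, "true": True, "1": True,
        "no": False, "false": False, "0": False}

def modules_without_chroot(conf_text):
    """Return, in file order, the modules whose effective 'use chroot' is off."""
    default = True   # assumption: chroot is on unless the config disables it
    explicit = {}    # module name -> True/False, or None when it inherits
    current = None   # None while still in the global section
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
            explicit.setdefault(current, None)
            continue
        name, sep, value = line.partition("=")   # only the first '=' counts
        # Parameter names are matched ignoring whitespace and case.
        if not sep or re.sub(r"\s+", "", name).lower() != "usechroot":
            continue
        setting = BOOL.get(value.strip().lower())
        if setting is None:
            continue                              # unrecognised value: skip
        if current is None:
            default = setting
        else:
            explicit[current] = setting
    return [m for m, s in explicit.items() if (default if s is None else s) is False]
```

Modules it reports on a host running rsync older than 2.6.2_2 in daemon mode are the ones that meet the advisory's stated condition.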

References

CVE Name CVE-2004-0792
Message http://lists.samba.org/archive/rsync-announce/2004/000017.html
URL http://samba.org/rsync/#security_aug04
URL http://secunia.com/advisories/12294
URL http://www.osvdb.org/8829