CVE-2004-0426

7 documents, 7 sources

Severity: 5.0 MEDIUM
EPSS: 3.4% (top 12.51%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jul 7
Latest update: Apr 29

Description

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

Debian: rsync < 2.6.1-1+3

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-8hxr-8xgg-w97m: rsync before 2... (2022-04-29)
OSV
CVE-2004-0426: rsync before 2... (2004-07-07)
CVEList
CVE-2004-0426: rsync before 2... (2004-04-30)

📋 Vendor Advisories (2)

Red Hat
security flaw (2004-04-26)
Debian
CVE-2004-0426: rsync - rsync before 2.6.1 does not properly sanitize paths when running a read/write da... (2004)

💬 Community (1)

Bugzilla
CVE-2004-0426 security flaw (2018-08-16)