CVE-2004-0792

7 documents7 sources
Severity
6.4MEDIUM
EPSS
0.8%
top 25.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Andrew Tridgell Rsync
Timeline
PublishedOct 20
Latest updateApr 29

Description

Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

Debianrsync< 2.6.2-3+3
NVDandrew_tridgell/rsync22 versions+21

Patches

Patch: www.debian.orgPatch: www.gentoo.orgPatch: www.debian.org

🔴Vulnerability Details

3
GHSA
GHSA-6v45-fh9q-v72q: Directory traversal vulnerability in the sanitize_path function in util2022-04-29
OSV
CVE-2004-0792: Directory traversal vulnerability in the sanitize_path function in util2004-10-20
CVEList
CVE-2004-0792: Directory traversal vulnerability in the sanitize_path function in util2004-08-18

📋Vendor Advisories

2
Red Hat
security flaw2004-08-12
Debian
CVE-2004-0792: rsync - Directory traversal vulnerability in the sanitize_path function in util.c for rs...2004

💬Community

1
Bugzilla
CVE-2004-0792 security flaw2018-08-16
CVE-2004-0792 (MEDIUM CVSS 6.4) | Directory traversal vulnerability i | cvebase.io