CVE-2007-4091 — Off-by-one Error in Rsync

CWE-193 — Off-by-one Error8 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

8.6%

top 7.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Rsync Rsync

Timeline

PublishedAug 16

Latest updateMay 1

Description

Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debiansamba/rsync< 2.6.9-5+3

▶NVDrsync/rsync2.6.9

🔴Vulnerability Details

GHSA

GHSA-f26v-rp94-xv52: Multiple off-by-one errors in the sender↗2022-05-01

▶

OSV

CVE-2007-4091: Multiple off-by-one errors in the sender↗2007-08-16

▶

CVEList

CVE-2007-4091: Multiple off-by-one errors in the sender↗2007-08-16

▶

📋Vendor Advisories

Ubuntu

rsync vulnerability↗2007-08-20

▶

Red Hat

rsync off by one flaw↗2007-08-15

▶

Debian

CVE-2007-4091: rsync - Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote att...↗2007

▶

💬Community

Bugzilla

CVE-2007-4091 rsync off by one flaw↗2007-08-15

▶