CVE-2007-6199 — Rsync vulnerability

CWE-167 documents7 sources

Severity

9.3CRITICALNVD

EPSS

6.6%

top 8.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Rsync Rsync

Timeline

PublishedDec 1

Latest updateMay 1

Description

rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶Debiansamba/rsync< 2.6.9-6+3

▶NVDrsync/rsync32 versions+31

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-r5c5-5849-8rr9: rsync before 3↗2022-05-01

▶

OSV

CVE-2007-6199: rsync before 3↗2007-12-01

▶

CVEList

CVE-2007-6199: rsync before 3↗2007-12-01

▶

📋Vendor Advisories

Red Hat

When rsync is run w/o chroot, symlinks that point outside daemon's root can be created↗2007-11-28

▶

Debian

CVE-2007-6199: rsync - rsync before 3.0.0pre6, when running a writable rsync daemon that is not using c...↗2007

▶

💬Community

Bugzilla

CVE-2007-6199 When rsync is run w/o chroot, symlinks that point outside daemon's root can be created↗2007-12-01

▶