CVE-2007-6200 — Rsync vulnerability

CWE-2647 documents7 sources

Severity

10.0CRITICALNVD

EPSS

2.3%

top 15.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Rsync Rsync

Timeline

PublishedDec 1

Latest updateMay 1

Description

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶Debiansamba/rsync< 2.6.9-6+3

▶NVDrsync/rsync32 versions+31

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-2w9v-97wx-v5mj: Unspecified vulnerability in rsync before 3↗2022-05-01

▶

OSV

CVE-2007-6200: Unspecified vulnerability in rsync before 3↗2007-12-01

▶

CVEList

CVE-2007-6200: Unspecified vulnerability in rsync before 3↗2007-12-01

▶

📋Vendor Advisories

Red Hat

rsync excluded content access restrictions bypass via symlinks↗2007-11-28

▶

Debian

CVE-2007-6200: rsync - Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsy...↗2007

▶

💬Community

Bugzilla

CVE-2007-6200 rsync excluded content access restrictions bypass via symlinks↗2007-12-01

▶