Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.14223 |
Kategorie: | Gain a shell remotely |
Titel: | rsync path sanitation vulnerability |
Zusammenfassung: | A vulnerability has been reported in rsync, which potentially can be exploited; by malicious users to read or write arbitrary files on a vulnerable system. |
Beschreibung: | Summary: A vulnerability has been reported in rsync, which potentially can be exploited by malicious users to read or write arbitrary files on a vulnerable system. Vulnerability Insight: An attacker, exploiting this flaw, would need network access to the TCP port. Successful exploitation requires that the rsync daemon is *not* running chrooted. Vulnerability Impact: There is a flaw in this version of rsync which, due to an input validation error, would allow a remote attacker to gain access to the remote system. Solution: Upgrade to rsync 2.6.3 or newer. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N |
Querverweis: |
BugTraq ID: 10938 Common Vulnerability Exposure (CVE) ID: CVE-2004-0792 Bugtraq: 20040816 TSSA-2004-020-ES - rsync (Google Search) http://marc.info/?l=bugtraq&m=109268147522290&w=2 Bugtraq: 20040817 LNSA-#2004-0017: rsync (Aug, 17 2004) (Google Search) http://marc.info/?l=bugtraq&m=109277141223839&w=2 Debian Security Information: DSA-538 (Google Search) http://www.debian.org/security/2004/dsa-538 http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10561 SuSE Security Announcement: SUSE-SA:2004:026 (Google Search) http://www.novell.com/linux/security/advisories/2004_26_rsync.html http://www.trustix.net/errata/2004/0042/ |
Copyright | Copyright (C) 2004 David Maciejak |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |