Family: Red Hat Local Security Checks --> Category: infos
RHSA-2004-436: rsync Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the rsync packages
Detailed Explanation for this Vulnerability Test
An updated rsync package that fixes a path sanitizing bug is now available.
The rsync program synchronizes files over a network.
Versions of rsync up to and including version 2.6.2 contain a path
sanitization issue. This issue could allow a possible hacker to read or write
files outside of the rsync directory. This vulnerability is only
exploitable when an rsync server is enabled and is not running within a
chroot. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2004-0792 to this issue.
Users of rsync are advised to upgrade to this updated package, which
contains a backported patch and is not affected by this issue.
Solution : http://rhn.redhat.com/errata/RHSA-2004-436.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.