Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Gain root remotely --> Category: infos

rsync path sanitation vulnerability Vulnerability Scan

Vulnerability Scan Summary
Acertains if rsync is running

Detailed Explanation for this Vulnerability Test

A vulnerability has been reported in rsync, which potentially can be exploited
by malicious users to read or write arbitrary files on a vulnerable system.

rsync is a software product for keeping files synched across multiple
systems. Rsync is a network-based program and typically communicates
over TCP port 873.

There is a flaw in this version of rsync which, due to an input validation
error, would allow a remote attacker to gain access to the remote system.

A possible hacker, exploiting this flaw, would need network access to the TCP port.

Successful exploitation requires that the rsync daemon is *not* running chrooted.

*** Since rsync does not advertise its version number
*** and since there are little details about this flaw at
*** this time, this might be a false positive

Solution : Upgrade to rsync 2.6.3 or newer
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.