Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Red Hat Local Security Checks --> Category: infos

RHSA-2004-192: rsync Vulnerability Scan


Vulnerability Scan Summary
Check for the version of the rsync packages

Detailed Explanation for this Vulnerability Test


An updated rsync package that fixes a directory traversal security flaw is
now available.

Rsync is a program for synchronizing files over a network.

Rsync before 2.6.1 does not properly sanitize paths when running a
read/write daemon without using chroot. This could allow a remote attacker
to write files outside of the module's "path", depending on the rights
assigned to the rsync daemon. Users not running an rsync daemon, running a
read-only daemon, or running a chrooted daemon are not affected by this
issue. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2004-0426 to this issue.

Users of Rsync are advised to upgrade to this updated package, which
contains a backported patch and is not affected by this issue.




Solution : http://rhn.redhat.com/errata/RHSA-2004-192.html
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.