CVE-2007-6199

Published: 01/12/2007 | Updated: 15/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

rsync prior to 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote malicious users to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.

Vulnerable Product

rsync rsync 2.3.2_1.2alpha

rsync rsync 2.3.2_1.2arm

rsync rsync 2.4.1

rsync rsync 2.4.3

rsync rsync 2.5.3

rsync rsync 2.5.4

rsync rsync 2.6.5

rsync rsync 2.6.6

rsync rsync 2.3.1

rsync rsync 2.3.2

rsync rsync 2.3.2_1.3

rsync rsync 2.4.0

rsync rsync 2.5.0

rsync rsync 2.5.1

rsync rsync 2.5.2

rsync rsync 2.6.1

rsync rsync 2.6.2

rsync rsync 2.3.2_1.2ppc

rsync rsync 2.3.2_1.2sparc

rsync rsync 2.4.6

rsync rsync 2.4.8

rsync rsync 2.5.7

rsync rsync 2.6

rsync rsync 2.6.9

rsync rsync 2.3.2_1.2intel

rsync rsync 2.3.2_1.2m68k

rsync rsync 2.4.4

rsync rsync 2.4.5

rsync rsync 2.5.5

rsync rsync 2.5.6

rsync rsync 2.6.7

rsync rsync 2.6.8

Vendor Advisories

Debian Bug report logs - #453652: rsync: CVE-2007-6199, CVE-2007-6200 insecure handling of temporary files. Package: rsync; Maintainer for rsync is Paul Slootman <paul@debian.org>; Source for rsync is src:rsync. Reported by: Nico Golde <nion@debian.org>. Date: Fri, 30 Nov 2007 12:09:02 UTC. Severity ...