fkie_nvd - fkie_cve-2007-6200

fkie_cve-2007-6200

Vulnerability from fkie_nvd

Published

2007-12-01 06:46

Modified

2024-11-21 00:39

Severity ?

Summary

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
cve@mitre.org	http://rsync.samba.org/security.html#s3_0_0	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27853
cve@mitre.org	http://secunia.com/advisories/27863	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28412
cve@mitre.org	http://secunia.com/advisories/28457
cve@mitre.org	http://secunia.com/advisories/31326
cve@mitre.org	http://securitytracker.com/id?1019012
cve@mitre.org	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257
cve@mitre.org	http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2011-0999.html
cve@mitre.org	http://www.securityfocus.com/archive/1/487991/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/26639
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4057
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2268
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://rsync.samba.org/security.html#s3_0_0	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27853
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27863	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28412
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28457
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31326
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019012
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-0999.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/487991/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26639
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4057
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2268

Impacted products

Vendor	Product	Version
slackware	slackware_linux	8.1
slackware	slackware_linux	9.0
slackware	slackware_linux	9.1
slackware	slackware_linux	10.0
slackware	slackware_linux	10.1
slackware	slackware_linux	10.2
slackware	slackware_linux	11.0
slackware	slackware_linux	12.0
rsync	rsync	2.3.1
rsync	rsync	2.3.2
rsync	rsync	2.3.2_1.2alpha
rsync	rsync	2.3.2_1.2arm
rsync	rsync	2.3.2_1.2intel
rsync	rsync	2.3.2_1.2m68k
rsync	rsync	2.3.2_1.2ppc
rsync	rsync	2.3.2_1.2sparc
rsync	rsync	2.3.2_1.3
rsync	rsync	2.4.0
rsync	rsync	2.4.1
rsync	rsync	2.4.3
rsync	rsync	2.4.4
rsync	rsync	2.4.5
rsync	rsync	2.4.6
rsync	rsync	2.4.8
rsync	rsync	2.5.0
rsync	rsync	2.5.1
rsync	rsync	2.5.2
rsync	rsync	2.5.3
rsync	rsync	2.5.4
rsync	rsync	2.5.5
rsync	rsync	2.5.6
rsync	rsync	2.5.7
rsync	rsync	2.6
rsync	rsync	2.6.1
rsync	rsync	2.6.2
rsync	rsync	2.6.5
rsync	rsync	2.6.6
rsync	rsync	2.6.7
rsync	rsync	2.6.8
rsync	rsync	2.6.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F41B40-75E6-45C8-A5FB-8464C0B2D064",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "300A6A65-05FD-401C-80F6-B5F5B1F056E0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B85EF0EE-3E61-4CA3-9F00-610AB2E1CFCF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "70440F49-AEE9-41BE-8E1A-43AB657C8E09",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74022B69-6557-4746-9080-24E4DDA44026",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2081CB54-130C-4A25-A2EE-42249DD6B3EB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "393F7E04-2288-45FE-8971-CC1BA036CA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60BF457A-B318-475D-950A-9D873C0C667C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CB9C4CB-09D9-4258-846D-D43C0E8E0CEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*",
              "matchCriteriaId": "52CA63EE-0911-44AE-9901-FE46FB659D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF678D2B-CD03-4A19-90B4-36448E55943E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*",
              "matchCriteriaId": "E454C988-08A3-4269-AC6A-2A975D288C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*",
              "matchCriteriaId": "12BB68EF-28DF-4326-84A3-C215005FD3D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*",
              "matchCriteriaId": "41DC890B-3D3D-41DB-8380-5C290B708350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C0E3499-E90D-40C6-B85A-6CC2312532C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C23042EA-1243-4786-8F76-CDB94E5B909B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F7C3A4-88F3-454F-9046-CA169FF12106",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "63756B36-3D03-4C2E-A1B6-AC45B045F94F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDF2B595-4AF1-471E-ADFD-FF8CB6F27EA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC820774-2B62-4B91-BC1A-EF6B81DD63C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4329E28A-F133-414B-98E5-F117C1B73711",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE1E7733-4A97-4817-8192-BDAA539AD2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEB2A38C-5971-4C38-A2A8-7B8FD44C3816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCD479A6-7E13-41FB-B6D9-4CBA1459083B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08AA818-CEF0-4EA8-BF6B-90A4F512E88C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE611E6-4959-4011-A57A-6774F28D58D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DEEFC01-69A5-4760-8052-FB8BA4B125F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A19ACD7B-B36E-42D7-B311-69CD4EF047F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AA7F4E9-1ED4-4D2F-A0A2-F8D861AD108C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9A038C-C0B8-416D-B103-5E66963065EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C1BB055-0489-42F7-9FC7-99EDDA7026DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "336FF990-61EE-4F6B-B4BC-D268DADD3D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "408FDC67-6862-4482-9DC4-E18AFFC3F7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "65282BE4-26FA-4E16-B1B1-1A4D82E7C6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "84537850-6D26-47D3-9888-810B8305BD3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD67864-2BED-42AD-985E-34058C07FEBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "382AFB02-339D-45BB-A60D-7C751F943762",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A205AF-8E75-4AD8-BE0F-EC6A9296D127",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en rsync, en versiones anteriores a la 3.0.0pre6, cuando se ejecuta un demonio rsync en modo lectura-escritura.  Permite que atacantes remotos  vulneren exclude, exclude_from, y filter, adem\u00e1s de poder leer y escribir archivos ocultos usando: (1) symlink, (2) partial-dir, (3) backup-dir, y (4) opciones dest sin especificar."
    }
  ],
  "id": "CVE-2007-6200",
  "lastModified": "2024-11-21T00:39:35.557",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-12-01T06:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rsync.samba.org/security.html#s3_0_0"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27853"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27863"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28457"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1019012"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26639"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4057"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rsync.samba.org/security.html#s3_0_0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27863"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1019012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-6200\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.",
      "lastModified": "2007-12-06T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2007-6200

Vulnerability from cvelistv5

Published

2007-12-01 01:00

Modified

2024-08-07 15:54