2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2007-6199" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2007-12-01T06:46:00.000" ,
2025-04-09 02:05:49 +00:00
"lastModified" : "2025-04-09T00:30:58.490" ,
"vulnStatus" : "Deferred" ,
2024-12-08 03:06:42 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy."
} ,
{
"lang" : "es" ,
"value" : "rsync, en versiones anteriores a la 3.0.0pre6. Cuando se ejecuta un demonio rsync en modo lectura-escritura que no use chroot, se permite as\u00ed que atacantes remotos accedan a ficheros de acceso restringido, usando vectores desconocidos que provocan que rsync cree un enlace simb\u00f3lico que apunta fuera de la jerarqu\u00eda de ficheros del m\u00f3dulo."
}
] ,
"metrics" : {
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C" ,
2024-11-22 07:15:30 +00:00
"baseScore" : 9.3 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "COMPLETE" ,
"integrityImpact" : "COMPLETE" ,
2024-11-22 07:15:30 +00:00
"availabilityImpact" : "COMPLETE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "HIGH" ,
"exploitabilityScore" : 8.6 ,
"impactScore" : 10.0 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-16"
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "57F41B40-75E6-45C8-A5FB-8464C0B2D064"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "300A6A65-05FD-401C-80F6-B5F5B1F056E0"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AA3D53C9-3806-45E6-8AE9-7D41280EF64C"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D29C5A03-A7C9-4780-BB63-CF1E874D018D"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B85EF0EE-3E61-4CA3-9F00-610AB2E1CFCF"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "70440F49-AEE9-41BE-8E1A-43AB657C8E09"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "74022B69-6557-4746-9080-24E4DDA44026"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2081CB54-130C-4A25-A2EE-42249DD6B3EB"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.3.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "393F7E04-2288-45FE-8971-CC1BA036CA95"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.3.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "60BF457A-B318-475D-950A-9D873C0C667C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8CB9C4CB-09D9-4258-846D-D43C0E8E0CEA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "52CA63EE-0911-44AE-9901-FE46FB659D06"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AF678D2B-CD03-4A19-90B4-36448E55943E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E454C988-08A3-4269-AC6A-2A975D288C56"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "12BB68EF-28DF-4326-84A3-C215005FD3D3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "41DC890B-3D3D-41DB-8380-5C290B708350"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3C0E3499-E90D-40C6-B85A-6CC2312532C9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C23042EA-1243-4786-8F76-CDB94E5B909B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.4.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "31F7C3A4-88F3-454F-9046-CA169FF12106"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.4.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "63756B36-3D03-4C2E-A1B6-AC45B045F94F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.4.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BDF2B595-4AF1-471E-ADFD-FF8CB6F27EA8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.4.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FC820774-2B62-4B91-BC1A-EF6B81DD63C3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.4.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4329E28A-F133-414B-98E5-F117C1B73711"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.4.8:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FE1E7733-4A97-4817-8192-BDAA539AD2F7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.5.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "EEB2A38C-5971-4C38-A2A8-7B8FD44C3816"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.5.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BCD479A6-7E13-41FB-B6D9-4CBA1459083B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.5.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D08AA818-CEF0-4EA8-BF6B-90A4F512E88C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.5.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2AE611E6-4959-4011-A57A-6774F28D58D6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.5.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7DEEFC01-69A5-4760-8052-FB8BA4B125F0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.5.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A19ACD7B-B36E-42D7-B311-69CD4EF047F4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.5.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1AA7F4E9-1ED4-4D2F-A0A2-F8D861AD108C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.5.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8D9A038C-C0B8-416D-B103-5E66963065EE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3C1BB055-0489-42F7-9FC7-99EDDA7026DE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.6.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "336FF990-61EE-4F6B-B4BC-D268DADD3D7F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.6.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "408FDC67-6862-4482-9DC4-E18AFFC3F7C0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.6.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "65282BE4-26FA-4E16-B1B1-1A4D82E7C6C2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.6.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "84537850-6D26-47D3-9888-810B8305BD3A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.6.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8AD67864-2BED-42AD-985E-34058C07FEBA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.6.8:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "382AFB02-339D-45BB-A60D-7C751F943762"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "32A205AF-8E75-4AD8-BE0F-EC6A9296D127"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://rsync.samba.org/security.html#s3_0_0" ,
"source" : "cve@mitre.org"
} ,
2024-04-04 08:46:00 +00:00
{
"url" : "http://secunia.com/advisories/27853" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://secunia.com/advisories/27863" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "http://secunia.com/advisories/28412" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://secunia.com/advisories/28457" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://secunia.com/advisories/31326" ,
"source" : "cve@mitre.org"
} ,
2023-04-24 12:24:31 +02:00
{
"url" : "http://secunia.com/advisories/61005" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://securitytracker.com/id?1019012" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://www.securityfocus.com/archive/1/487991/100/0/threaded" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://www.securityfocus.com/bid/26638" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Patch"
]
} ,
{
"url" : "http://www.vupen.com/english/advisories/2007/4057" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://www.vupen.com/english/advisories/2008/2268" ,
"source" : "cve@mitre.org"
2024-11-22 07:15:30 +00:00
} ,
{
"url" : "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://rsync.samba.org/security.html#s3_0_0" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://secunia.com/advisories/27853" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://secunia.com/advisories/27863" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "http://secunia.com/advisories/28412" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://secunia.com/advisories/28457" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://secunia.com/advisories/31326" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://secunia.com/advisories/61005" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://securitytracker.com/id?1019012" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.securityfocus.com/archive/1/487991/100/0/threaded" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.securityfocus.com/bid/26638" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch"
]
} ,
{
"url" : "http://www.vupen.com/english/advisories/2007/4057" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.vupen.com/english/advisories/2008/2268" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
}
] ,
"vendorComments" : [
{
"organization" : "Red Hat" ,
"comment" : "Red Hat does not consider this to be a security issue. Versions of rsync as shipped with Red Hat Enterprise Linux 2.1, 3, 4 and 5 behave as expected and that behavior was well documented." ,
"lastModified" : "2007-12-06T00:00:00"
2023-04-24 12:24:31 +02:00
}
]
}
