{ "id": "CVE-2007-6199", "sourceIdentifier": "cve@mitre.org", "published": "2007-12-01T06:46:00.000", "lastModified": "2025-04-09T00:30:58.490", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [ { "lang": "en", "value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy." }, { "lang": "es", "value": "rsync, en versiones anteriores a la 3.0.0pre6. Cuando se ejecuta un demonio rsync en modo lectura-escritura que no use chroot, se permite as\u00ed que atacantes remotos accedan a ficheros de acceso restringido, usando vectores desconocidos que provocan que rsync cree un enlace simb\u00f3lico que apunta fuera de la jerarqu\u00eda de ficheros del m\u00f3dulo." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "baseScore": 9.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE" }, "baseSeverity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-16" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "57F41B40-75E6-45C8-A5FB-8464C0B2D064" }, { "vulnerable": false, "criteria": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "300A6A65-05FD-401C-80F6-B5F5B1F056E0" }, { "vulnerable": false, "criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C" }, { "vulnerable": false, "criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D" }, { "vulnerable": false, "criteria": "cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B85EF0EE-3E61-4CA3-9F00-610AB2E1CFCF" }, { "vulnerable": false, "criteria": "cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "70440F49-AEE9-41BE-8E1A-43AB657C8E09" }, { "vulnerable": false, "criteria": "cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "74022B69-6557-4746-9080-24E4DDA44026" }, { "vulnerable": false, "criteria": "cpe:2.3:o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "2081CB54-130C-4A25-A2EE-42249DD6B3EB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "393F7E04-2288-45FE-8971-CC1BA036CA95" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "60BF457A-B318-475D-950A-9D873C0C667C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*", "matchCriteriaId": "8CB9C4CB-09D9-4258-846D-D43C0E8E0CEA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*", "matchCriteriaId": "52CA63EE-0911-44AE-9901-FE46FB659D06" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*", "matchCriteriaId": "AF678D2B-CD03-4A19-90B4-36448E55943E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*", "matchCriteriaId": "E454C988-08A3-4269-AC6A-2A975D288C56" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*", "matchCriteriaId": "12BB68EF-28DF-4326-84A3-C215005FD3D3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*", "matchCriteriaId": "41DC890B-3D3D-41DB-8380-5C290B708350" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3C0E3499-E90D-40C6-B85A-6CC2312532C9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "C23042EA-1243-4786-8F76-CDB94E5B909B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "31F7C3A4-88F3-454F-9046-CA169FF12106" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "63756B36-3D03-4C2E-A1B6-AC45B045F94F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BDF2B595-4AF1-471E-ADFD-FF8CB6F27EA8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "FC820774-2B62-4B91-BC1A-EF6B81DD63C3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "4329E28A-F133-414B-98E5-F117C1B73711" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "FE1E7733-4A97-4817-8192-BDAA539AD2F7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EEB2A38C-5971-4C38-A2A8-7B8FD44C3816" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "BCD479A6-7E13-41FB-B6D9-4CBA1459083B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D08AA818-CEF0-4EA8-BF6B-90A4F512E88C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "2AE611E6-4959-4011-A57A-6774F28D58D6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "7DEEFC01-69A5-4760-8052-FB8BA4B125F0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "A19ACD7B-B36E-42D7-B311-69CD4EF047F4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "1AA7F4E9-1ED4-4D2F-A0A2-F8D861AD108C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "8D9A038C-C0B8-416D-B103-5E66963065EE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "3C1BB055-0489-42F7-9FC7-99EDDA7026DE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "336FF990-61EE-4F6B-B4BC-D268DADD3D7F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "408FDC67-6862-4482-9DC4-E18AFFC3F7C0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "65282BE4-26FA-4E16-B1B1-1A4D82E7C6C2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "84537850-6D26-47D3-9888-810B8305BD3A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "8AD67864-2BED-42AD-985E-34058C07FEBA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "382AFB02-339D-45BB-A60D-7C751F943762" }, { "vulnerable": true, "criteria": "cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "32A205AF-8E75-4AD8-BE0F-EC6A9296D127" } ] } ] } ], "references": [ { "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html", "source": "cve@mitre.org" }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html", "source": "cve@mitre.org" }, { "url": "http://rsync.samba.org/security.html#s3_0_0", "source": "cve@mitre.org" }, { "url": "http://secunia.com/advisories/27853", "source": "cve@mitre.org" }, { "url": "http://secunia.com/advisories/27863", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/28412", "source": "cve@mitre.org" }, { "url": "http://secunia.com/advisories/28457", "source": "cve@mitre.org" }, { "url": "http://secunia.com/advisories/31326", "source": "cve@mitre.org" }, { "url": "http://secunia.com/advisories/61005", "source": "cve@mitre.org" }, { "url": "http://securitytracker.com/id?1019012", "source": "cve@mitre.org" }, { "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html", "source": "cve@mitre.org" }, { "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257", "source": "cve@mitre.org" }, { "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/26638", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "http://www.vupen.com/english/advisories/2007/4057", "source": "cve@mitre.org" }, { "url": "http://www.vupen.com/english/advisories/2008/2268", "source": "cve@mitre.org" }, { "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://rsync.samba.org/security.html#s3_0_0", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://secunia.com/advisories/27853", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://secunia.com/advisories/27863", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/28412", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://secunia.com/advisories/28457", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://secunia.com/advisories/31326", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://secunia.com/advisories/61005", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://securitytracker.com/id?1019012", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/bid/26638", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "http://www.vupen.com/english/advisories/2007/4057", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.vupen.com/english/advisories/2008/2268", "source": "af854a3a-2127-422b-91ae-364da2661108" } ], "vendorComments": [ { "organization": "Red Hat", "comment": "Red Hat does not consider this to be a security issue. Versions of rsync as shipped with Red Hat Enterprise Linux 2.1, 3, 4 and 5 behave as expected and that behavior was well documented.", "lastModified": "2007-12-06T00:00:00" } ] }