mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
250 lines
8.8 KiB
JSON
250 lines
8.8 KiB
JSON
{
|
|
"id": "CVE-2004-0792",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2004-10-20T04:00:00.000",
|
|
"lastModified": "2017-10-11T01:29:34.107",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de atravesamiento de directorios en la funci\u00f3n sanitize_path en util.c de rsync 2.6.2 y anteriores, cuando chroot est\u00e1 desactivado, permite a atacantes leer o escribir ciertos ficheros."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 6.4
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 4.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-Other"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "138253E8-6342-4A88-89E6-B579782BC273"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "06A95770-7838-4D26-98BD-F3C0A264C431"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:alpha:*:*:*:*:*",
|
|
"matchCriteriaId": "C698EF8A-7EAE-4F23-87FD-57D143759BA5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:arm:*:*:*:*:*",
|
|
"matchCriteriaId": "10E06CAF-D555-46E4-A39B-D1C230E34CE4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:intel:*:*:*:*:*",
|
|
"matchCriteriaId": "CE361EF1-4FC5-4E0B-AC04-F7D46CBC46F0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:m68k:*:*:*:*:*",
|
|
"matchCriteriaId": "542C7579-F7FE-4D66-9C39-4C89B502614F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:ppc:*:*:*:*:*",
|
|
"matchCriteriaId": "A08984C1-C94B-44E7-BF5A-2C4FB74A448E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:*:sparc:*:*:*:*:*",
|
|
"matchCriteriaId": "A289538D-27D6-430B-ABE4-A2D332491313"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EB5183D1-CBB7-4E91-94A5-9761666A16AF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.4.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "26EB2DBC-F71C-4D86-9436-FA06B7244F1E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.4.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "41681E68-E4D3-4466-8BAF-12F38D670C73"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.4.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9C472D33-56FC-4939-A800-00C319D44D45"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.4.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D57C7AF3-A648-44E3-9ABF-D546B34BDC02"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.4.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "38450ED2-6642-4ADB-ACBC-702588904B50"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.4.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FC163657-8FD5-4578-8452-49ABAA1121D5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.4.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DAFB0E34-5886-454E-9680-640F8FE6A4B6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.5.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FA756243-887B-42FD-9A68-2D54CE44AA0A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.5.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "502E8AC0-7293-41A0-BA17-873DEE5133DB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.5.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "55E84BFA-DAF8-4842-8542-E244FE16CBD8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.5.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5DC02AD4-07B4-4A35-BB74-7228A1CDABE1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.5.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "33B1ECCC-AAF1-4A3A-BDFA-7955E1AA3683"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.5.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FC4726E9-246B-4C6F-8253-0F09886749A0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.5.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "59CAA1CD-09D5-40CC-9A27-738B4028BF05"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.5.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A9391534-2F3A-4926-89DD-561FCCFA1743"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9CE53D10-4467-4EAE-845F-F527357C0A71"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.6.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4D107BB3-7DC7-4138-BE5F-A8B239427DD7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.6.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8F902BF6-CC1F-4544-A2FF-839A71C23EB0"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://marc.info/?l=bugtraq&m=109268147522290&w=2",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://marc.info/?l=bugtraq&m=109277141223839&w=2",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://samba.org/rsync/#security_aug04",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.debian.org/security/2004/dsa-538",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:083",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.novell.com/linux/security/advisories/2004_26_rsync.html",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.trustix.net/errata/2004/0042/",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10561",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |