VYPR

rpm package

opensuse/rsync&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/rsync&distro=openSUSE%20Tumbleweed

Vulnerabilities (25)

  • CVE-2014-9512Feb 12, 2015
    affected < 3.1.2-1.5fixed 3.1.2-1.5

    rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

  • CVE-2014-2855Apr 23, 2014
    affected < 3.1.2-1.5fixed 3.1.2-1.5

    The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.

  • CVE-2011-1097Mar 30, 2011
    affected < 3.1.2-1.5fixed 3.1.2-1.5

    rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.

  • CVE-2007-6199Dec 1, 2007
    affected < 3.2.3-2.6fixed 3.2.3-2.6

    rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.

  • CVE-2007-4091Aug 16, 2007
    affected < 3.2.3-2.6fixed 3.2.3-2.6

    Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.

Page 2 of 2