rpm package
opensuse/rsync&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/rsync&distro=openSUSE%20Tumbleweed
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-9512 | — | | | < 3.1.2-1.5 | 3.1.2-1.5 | Feb 12, 2015 | rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. |
| CVE-2014-2855 | — | | | < 3.1.2-1.5 | 3.1.2-1.5 | Apr 23, 2014 | The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file. |
| CVE-2011-1097 | — | | | < 3.1.2-1.5 | 3.1.2-1.5 | Mar 30, 2011 | rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data. |
| CVE-2007-6199 | — | | | < 3.2.3-2.6 | 3.2.3-2.6 | Dec 1, 2007 | rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. |
| CVE-2007-4091 | — | | | < 3.2.3-2.6 | 3.2.3-2.6 | Aug 16, 2007 | Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. |