Vulnerability-Lookup

CVE-2007-6200 (GCVE-0-2007-6200)

Vulnerability from cvelistv5 – Published: 2007-12-01 06:00 – Updated: 2024-08-07 15:54

Summary

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/28412	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/4057	vdb-entryx_refsource_VUPEN
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.redhat.com/support/errata/RHSA-2011-09…	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/26639	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2008/2268	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/27853	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/487991/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/27863	third-party-advisoryx_refsource_SECUNIA
	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257	x_refsource_CONFIRM
	http://rsync.samba.org/security.html#s3_0_0	x_refsource_CONFIRM
	http://secunia.com/advisories/28457	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/en/security/advisories?na…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/31326	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1019012	vdb-entryx_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:27.082Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28412",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28412"
          },
          {
            "name": "ADV-2007-4057",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4057"
          },
          {
            "name": "APPLE-SA-2008-07-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
          },
          {
            "name": "RHSA-2011:0999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
          },
          {
            "name": "26639",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26639"
          },
          {
            "name": "ADV-2008-2268",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2268"
          },
          {
            "name": "27853",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27853"
          },
          {
            "name": "20080212 FLEA-2008-0004-1 rsync",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
          },
          {
            "name": "27863",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27863"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rsync.samba.org/security.html#s3_0_0"
          },
          {
            "name": "28457",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28457"
          },
          {
            "name": "MDVSA-2008:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
          },
          {
            "name": "31326",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31326"
          },
          {
            "name": "1019012",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019012"
          },
          {
            "name": "SUSE-SR:2008:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-28T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T00:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28412",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28412"
        },
        {
          "name": "ADV-2007-4057",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4057"
        },
        {
          "name": "APPLE-SA-2008-07-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
        },
        {
          "name": "RHSA-2011:0999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
        },
        {
          "name": "26639",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26639"
        },
        {
          "name": "ADV-2008-2268",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2268"
        },
        {
          "name": "27853",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27853"
        },
        {
          "name": "20080212 FLEA-2008-0004-1 rsync",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
        },
        {
          "name": "27863",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27863"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rsync.samba.org/security.html#s3_0_0"
        },
        {
          "name": "28457",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28457"
        },
        {
          "name": "MDVSA-2008:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
        },
        {
          "name": "31326",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31326"
        },
        {
          "name": "1019012",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019012"
        },
        {
          "name": "SUSE-SR:2008:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6200",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28412",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28412"
            },
            {
              "name": "ADV-2007-4057",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4057"
            },
            {
              "name": "APPLE-SA-2008-07-31",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
            },
            {
              "name": "RHSA-2011:0999",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
            },
            {
              "name": "26639",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26639"
            },
            {
              "name": "ADV-2008-2268",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2268"
            },
            {
              "name": "27853",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27853"
            },
            {
              "name": "20080212 FLEA-2008-0004-1 rsync",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
            },
            {
              "name": "27863",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27863"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
            },
            {
              "name": "http://rsync.samba.org/security.html#s3_0_0",
              "refsource": "CONFIRM",
              "url": "http://rsync.samba.org/security.html#s3_0_0"
            },
            {
              "name": "28457",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28457"
            },
            {
              "name": "MDVSA-2008:011",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
            },
            {
              "name": "31326",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31326"
            },
            {
              "name": "1019012",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019012"
            },
            {
              "name": "SUSE-SR:2008:001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6200",
    "datePublished": "2007-12-01T06:00:00.000Z",
    "dateReserved": "2007-11-30T05:00:00.000Z",
    "dateUpdated": "2024-08-07T15:54:27.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-388

Vulnerability from certfr_avis - Published: 2008-08-01 - Updated: 2008-08-01

Plusieurs vulnérabilités permettant entre autres l'exécution de code arbitraire à distance, et concernant le système d'exploitaiton Mac OS X, ont été corrigées.

Description

Plusieurs vulnérabilités concernant Mac OS X ont été corrigées :

Open Scripting Architecture : une mauvaise gestion des droits des plugins permet à un utilisateur malveillant local d'élever ses privilèges.
BIND : une mauvaise gestion de l'aléa et un vulnérabilité protocolaire permettent de corrompre le cache du DNS.
CarbonCore : une vulnérabilité dans les gestion des noms longs de fichier permet l'exécution de code arbitraire.
CoreGraphics : une corruption de mémoire permet l'exécution de code arbitraire, par exemple à l'aide d'un site Web spécifiquement réalisé.
CoreGraphics : un dépassement d'entier lors de la gestion de fichiers au format PDF permet l'exécution de code arbitraire.
Data Detectors Engine : la visualisation d'un message spécifiquement créé permet de provoquer un déni de service de l'application.
Disk Utility : après l'utilisation de l'outil Repair Permissions il est possible d'exécuter des commandes avec les droits sytème à l'aide d'emacs.
OpenLDAP : un message spécifiquement réalisé permet de provoquer un déni de service de l'application.
OpenSSL : une vulnérabilité dans la fonction SSL_get_shared_ciphers() permet de provoquer un déni de service de l'application.
PHP : plusieurs vulnérabilités, dont certaines permettant l'exécution de code arbitraire, ont été corrigées.
QuickLook : un document au format Microsoft Office spécifiquement réalisé permet l'exécution de code arbitraire.
rsync : l'utilisation de liens symboliques permet de modifier des fichiers hors du module.

Solution

Se référer au bulletin de sécurité d'Apple HT2647 du 1 août 2008 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X 10.4.11 ;
N/A	N/A	Mac OS X Server 10.4 ;
N/A	N/A	Mac OS X 10.5.4.
N/A	N/A	Mac OS X Server 10.5 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT2647 du 1 août 2008	None	vendor-advisory
Bulletin de sécurité Apple HT2647 du 01 août 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.4.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.5.4.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s concernant Mac OS X ont \u00e9t\u00e9 corrig\u00e9es :\n\n-   Open Scripting Architecture : une mauvaise gestion des droits des\n    plugins permet \u00e0 un utilisateur malveillant local d\u0027\u00e9lever ses\n    privil\u00e8ges.\n-   BIND : une mauvaise gestion de l\u0027al\u00e9a et un vuln\u00e9rabilit\u00e9\n    protocolaire permettent de corrompre le cache du DNS.\n-   CarbonCore : une vuln\u00e9rabilit\u00e9 dans les gestion des noms longs de\n    fichier permet l\u0027ex\u00e9cution de code arbitraire.\n-   CoreGraphics : une corruption de m\u00e9moire permet l\u0027ex\u00e9cution de code\n    arbitraire, par exemple \u00e0 l\u0027aide d\u0027un site Web sp\u00e9cifiquement\n    r\u00e9alis\u00e9.\n-   CoreGraphics : un d\u00e9passement d\u0027entier lors de la gestion de\n    fichiers au format PDF permet l\u0027ex\u00e9cution de code arbitraire.\n-   Data Detectors Engine : la visualisation d\u0027un message sp\u00e9cifiquement\n    cr\u00e9\u00e9 permet de provoquer un d\u00e9ni de service de l\u0027application.\n-   Disk Utility : apr\u00e8s l\u0027utilisation de l\u0027outil Repair Permissions il\n    est possible d\u0027ex\u00e9cuter des commandes avec les droits syt\u00e8me \u00e0\n    l\u0027aide d\u0027emacs.\n-   OpenLDAP : un message sp\u00e9cifiquement r\u00e9alis\u00e9 permet de provoquer un\n    d\u00e9ni de service de l\u0027application.\n-   OpenSSL : une vuln\u00e9rabilit\u00e9 dans la fonction\n    SSL_get_shared_ciphers() permet de provoquer un d\u00e9ni de service de\n    l\u0027application.\n-   PHP : plusieurs vuln\u00e9rabilit\u00e9s, dont certaines permettant\n    l\u0027ex\u00e9cution de code arbitraire, ont \u00e9t\u00e9 corrig\u00e9es.\n-   QuickLook : un document au format Microsoft Office sp\u00e9cifiquement\n    r\u00e9alis\u00e9 permet l\u0027ex\u00e9cution de code arbitraire.\n-   rsync : l\u0027utilisation de liens symboliques permet de modifier des\n    fichiers hors du module.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 d\u0027Apple HT2647 du 1 ao\u00fbt 2008 pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2324"
    },
    {
      "name": "CVE-2007-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5135"
    },
    {
      "name": "CVE-2007-6200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6200"
    },
    {
      "name": "CVE-2008-2051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2051"
    },
    {
      "name": "CVE-2008-2322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2322"
    },
    {
      "name": "CVE-2008-0674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0674"
    },
    {
      "name": "CVE-2008-2325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2325"
    },
    {
      "name": "CVE-2007-6199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6199"
    },
    {
      "name": "CVE-2008-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2320"
    },
    {
      "name": "CVE-2008-0599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0599"
    },
    {
      "name": "CVE-2008-1447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1447"
    },
    {
      "name": "CVE-2007-4850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4850"
    },
    {
      "name": "CVE-2008-2323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2323"
    },
    {
      "name": "CVE-2008-2050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2050"
    },
    {
      "name": "CVE-2008-2321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2321"
    },
    {
      "name": "CVE-2008-2952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2952"
    }
  ],
  "initial_release_date": "2008-08-01T00:00:00",
  "last_revision_date": "2008-08-01T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT2647 du 01 ao\u00fbt 2008 :",
      "url": "http://support.apple.com/kb/HT2647"
    }
  ],
  "reference": "CERTA-2008-AVI-388",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-08-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant entre autres l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance, et concernant le syst\u00e8me d\u0027exploitaiton Mac OS X,\nont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT2647 du 1 ao\u00fbt 2008",
      "url": null
    }
  ]
}

CERTA-2007-AVI-521

Vulnerability from certfr_avis - Published: 2007-12-05 - Updated: 2007-12-05

Plusieurs vulnérabilités présentes dans rsync permettent à un utilisateur distant de contourner la politique de sécurité d'un serveur rsync.

Description

Deux vulnérabilités sont présentes dans rsync. Toutes deux permettent de contourner la politique de sécurité mise en place dans le serveur rsync par le biais de liens symboliques positionnés de façon particulière.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

rsync versions 2.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité rsync du 03 décembre 2007	None	vendor-advisory
Site de rsync :	-	other
Bulletin de sécurité rsync :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003ersync versions 2.x.\u003c/p\u003e",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans rsync. Toutes deux permettent de\ncontourner la politique de s\u00e9curit\u00e9 mise en place dans le serveur rsync\npar le biais de liens symboliques positionn\u00e9s de fa\u00e7on particuli\u00e8re.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-6200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6200"
    },
    {
      "name": "CVE-2007-6199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6199"
    }
  ],
  "initial_release_date": "2007-12-05T00:00:00",
  "last_revision_date": "2007-12-05T00:00:00",
  "links": [
    {
      "title": "Site de rsync :",
      "url": "http://rsync.samba.org"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 rsync :",
      "url": "http://rsync.samba.org/security.html"
    }
  ],
  "reference": "CERTA-2007-AVI-521",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-12-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans rsync permettent \u00e0 un\nutilisateur distant de contourner la politique de s\u00e9curit\u00e9 d\u0027un serveur\nrsync.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans rsync",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 rsync du 03 d\u00e9cembre 2007",
      "url": null
    }
  ]
}

FKIE_CVE-2007-6200

Vulnerability from fkie_nvd - Published: 2007-12-01 06:46 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
cve@mitre.org	http://rsync.samba.org/security.html#s3_0_0	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27853
cve@mitre.org	http://secunia.com/advisories/27863	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28412
cve@mitre.org	http://secunia.com/advisories/28457
cve@mitre.org	http://secunia.com/advisories/31326
cve@mitre.org	http://securitytracker.com/id?1019012
cve@mitre.org	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257
cve@mitre.org	http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2011-0999.html
cve@mitre.org	http://www.securityfocus.com/archive/1/487991/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/26639
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4057
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2268
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://rsync.samba.org/security.html#s3_0_0	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27853
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27863	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28412
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28457
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31326
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019012
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-0999.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/487991/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26639
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4057
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2268

Impacted products

Vendor	Product	Version
slackware	slackware_linux	8.1
slackware	slackware_linux	9.0
slackware	slackware_linux	9.1
slackware	slackware_linux	10.0
slackware	slackware_linux	10.1
slackware	slackware_linux	10.2
slackware	slackware_linux	11.0
slackware	slackware_linux	12.0
rsync	rsync	2.3.1
rsync	rsync	2.3.2
rsync	rsync	2.3.2_1.2alpha
rsync	rsync	2.3.2_1.2arm
rsync	rsync	2.3.2_1.2intel
rsync	rsync	2.3.2_1.2m68k
rsync	rsync	2.3.2_1.2ppc
rsync	rsync	2.3.2_1.2sparc
rsync	rsync	2.3.2_1.3
rsync	rsync	2.4.0
rsync	rsync	2.4.1
rsync	rsync	2.4.3
rsync	rsync	2.4.4
rsync	rsync	2.4.5
rsync	rsync	2.4.6
rsync	rsync	2.4.8
rsync	rsync	2.5.0
rsync	rsync	2.5.1
rsync	rsync	2.5.2
rsync	rsync	2.5.3
rsync	rsync	2.5.4
rsync	rsync	2.5.5
rsync	rsync	2.5.6
rsync	rsync	2.5.7
rsync	rsync	2.6
rsync	rsync	2.6.1
rsync	rsync	2.6.2
rsync	rsync	2.6.5
rsync	rsync	2.6.6
rsync	rsync	2.6.7
rsync	rsync	2.6.8
rsync	rsync	2.6.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F41B40-75E6-45C8-A5FB-8464C0B2D064",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "300A6A65-05FD-401C-80F6-B5F5B1F056E0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B85EF0EE-3E61-4CA3-9F00-610AB2E1CFCF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "70440F49-AEE9-41BE-8E1A-43AB657C8E09",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74022B69-6557-4746-9080-24E4DDA44026",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2081CB54-130C-4A25-A2EE-42249DD6B3EB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "393F7E04-2288-45FE-8971-CC1BA036CA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60BF457A-B318-475D-950A-9D873C0C667C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CB9C4CB-09D9-4258-846D-D43C0E8E0CEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*",
              "matchCriteriaId": "52CA63EE-0911-44AE-9901-FE46FB659D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF678D2B-CD03-4A19-90B4-36448E55943E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*",
              "matchCriteriaId": "E454C988-08A3-4269-AC6A-2A975D288C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*",
              "matchCriteriaId": "12BB68EF-28DF-4326-84A3-C215005FD3D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*",
              "matchCriteriaId": "41DC890B-3D3D-41DB-8380-5C290B708350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C0E3499-E90D-40C6-B85A-6CC2312532C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C23042EA-1243-4786-8F76-CDB94E5B909B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F7C3A4-88F3-454F-9046-CA169FF12106",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "63756B36-3D03-4C2E-A1B6-AC45B045F94F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDF2B595-4AF1-471E-ADFD-FF8CB6F27EA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC820774-2B62-4B91-BC1A-EF6B81DD63C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4329E28A-F133-414B-98E5-F117C1B73711",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE1E7733-4A97-4817-8192-BDAA539AD2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEB2A38C-5971-4C38-A2A8-7B8FD44C3816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCD479A6-7E13-41FB-B6D9-4CBA1459083B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D08AA818-CEF0-4EA8-BF6B-90A4F512E88C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE611E6-4959-4011-A57A-6774F28D58D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DEEFC01-69A5-4760-8052-FB8BA4B125F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A19ACD7B-B36E-42D7-B311-69CD4EF047F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AA7F4E9-1ED4-4D2F-A0A2-F8D861AD108C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9A038C-C0B8-416D-B103-5E66963065EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C1BB055-0489-42F7-9FC7-99EDDA7026DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "336FF990-61EE-4F6B-B4BC-D268DADD3D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "408FDC67-6862-4482-9DC4-E18AFFC3F7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "65282BE4-26FA-4E16-B1B1-1A4D82E7C6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "84537850-6D26-47D3-9888-810B8305BD3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD67864-2BED-42AD-985E-34058C07FEBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "382AFB02-339D-45BB-A60D-7C751F943762",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A205AF-8E75-4AD8-BE0F-EC6A9296D127",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en rsync, en versiones anteriores a la 3.0.0pre6, cuando se ejecuta un demonio rsync en modo lectura-escritura.  Permite que atacantes remotos  vulneren exclude, exclude_from, y filter, adem\u00e1s de poder leer y escribir archivos ocultos usando: (1) symlink, (2) partial-dir, (3) backup-dir, y (4) opciones dest sin especificar."
    }
  ],
  "id": "CVE-2007-6200",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-12-01T06:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rsync.samba.org/security.html#s3_0_0"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27853"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27863"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28457"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1019012"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26639"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4057"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rsync.samba.org/security.html#s3_0_0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27863"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1019012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-6200\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.",
      "lastModified": "2007-12-06T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2W9V-97WX-V5MJ

Vulnerability from github – Published: 2022-05-01 18:40 – Updated: 2022-05-01 18:40

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-6200"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-12-01T06:46:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.",
  "id": "GHSA-2w9v-97wx-v5mj",
  "modified": "2022-05-01T18:40:27Z",
  "published": "2022-05-01T18:40:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6200"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://rsync.samba.org/security.html#s3_0_0"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27853"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27863"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28457"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1019012"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26639"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/4057"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-6200

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-6200

Aliases

CVE-2007-6200

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-6200",
    "description": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.",
    "id": "GSD-2007-6200",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-6200.html",
      "https://access.redhat.com/errata/RHSA-2011:0999",
      "https://linux.oracle.com/cve/CVE-2007-6200.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-6200"
      ],
      "details": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.",
      "id": "GSD-2007-6200",
      "modified": "2023-12-13T01:21:38.533038Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-6200",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "28412",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28412"
          },
          {
            "name": "ADV-2007-4057",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/4057"
          },
          {
            "name": "APPLE-SA-2008-07-31",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
          },
          {
            "name": "RHSA-2011:0999",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
          },
          {
            "name": "26639",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26639"
          },
          {
            "name": "ADV-2008-2268",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2268"
          },
          {
            "name": "27853",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27853"
          },
          {
            "name": "20080212 FLEA-2008-0004-1 rsync",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
          },
          {
            "name": "27863",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27863"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
          },
          {
            "name": "http://rsync.samba.org/security.html#s3_0_0",
            "refsource": "CONFIRM",
            "url": "http://rsync.samba.org/security.html#s3_0_0"
          },
          {
            "name": "28457",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28457"
          },
          {
            "name": "MDVSA-2008:011",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
          },
          {
            "name": "31326",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31326"
          },
          {
            "name": "1019012",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1019012"
          },
          {
            "name": "SUSE-SR:2008:001",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.5.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rsync:rsync:2.6.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6200"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://rsync.samba.org/security.html#s3_0_0",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://rsync.samba.org/security.html#s3_0_0"
            },
            {
              "name": "26639",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26639"
            },
            {
              "name": "1019012",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1019012"
            },
            {
              "name": "27863",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27863"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
            },
            {
              "name": "27853",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27853"
            },
            {
              "name": "MDVSA-2008:011",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
            },
            {
              "name": "SUSE-SR:2008:001",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
            },
            {
              "name": "28412",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28412"
            },
            {
              "name": "28457",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28457"
            },
            {
              "name": "31326",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31326"
            },
            {
              "name": "APPLE-SA-2008-07-31",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
            },
            {
              "name": "ADV-2007-4057",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/4057"
            },
            {
              "name": "ADV-2008-2268",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2268"
            },
            {
              "name": "RHSA-2011:0999",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
            },
            {
              "name": "20080212 FLEA-2008-0004-1 rsync",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:50Z",
      "publishedDate": "2007-12-01T06:46Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-6200 (GCVE-0-2007-6200)

CERTA-2008-AVI-388

Description

Solution

CERTA-2007-AVI-521

Description

Solution

FKIE_CVE-2007-6200

GHSA-2W9V-97WX-V5MJ

GSD-2007-6200

Tags

Sightings

Nomenclature