rsync sanitize_path() Function Arbitrary File Disclosure

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

Arbitrary files can be accessed from the remote host.

Description :

A vulnerability has been reported in rsync, which can potentially be
exploited by a remote attacker to read or write arbitrary files on a
system. Successful exploitation requires that the rsync daemon is
*not* running chrooted.

Since rsync does not advertise its version number and since there are
few details about this flaw at this time, this might be a false
positive.
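
Because exploitation requires a daemon that is not running chrooted, the
modules exposed that way can be found by auditing rsyncd.conf. The Python
below is an added example, not part of the Nessus plugin or of rsync; the
function names and sample configuration are constructed, and treating a
missing "use chroot" setting as chrooted is an assumption about the daemon
default.

```python
import sys
TRUE = {"yes", "true", "1"}

# Added example with a constructed sample config; default_chroot=True is an assumed default.
SAMPLE = """\
use chroot = yes
[pub]
    path = /srv/pub
[backup]
    path = /srv/backup
    Use Chroot = no
[mirror]
    path = /srv/mirror
    usechroot = false
"""

def _norm(name):
    # rsyncd.conf ignores case and whitespace inside parameter names.
    return "".join(name.split()).lower()

def parse_rsyncd_conf(text):
    """Return (global_params, {module_name: params})."""
    global_params, modules = {}, {}
    current = global_params
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            current[_norm(key)] = value.strip()
    return global_params, modules

def unchrooted_modules(text, default_chroot=True):
    """Return [(module, path, raw_value)] for modules not provably chrooted."""
    global_params, modules = parse_rsyncd_conf(text)
    findings = []
    for name, params in modules.items():
        # A module-level value overrides the global one; unknown values are flagged.
        raw = params.get("usechroot", global_params.get("usechroot"))
        chrooted = default_chroot if raw is None else raw.lower() in TRUE
        if not chrooted:
            findings.append((name, params.get("path", "<no path>"), raw))
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for module, path, raw in unchrooted_modules(text):
        print(f"[{module}] path={path} use chroot={raw!r}: not chrooted")
```

Run it with the path to rsyncd.conf as the only argument; with no argument
it audits the constructed sample.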

Solution :

Upgrade to rsync 2.6.3 or later.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 4.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Gain a shell remotely

Nessus Plugin ID: 14223

Bugtraq ID: 10938

CVE ID: CVE-2004-0792