FreeBSD Ports : rsync < 2.6.2_2

Medium Nessus Plugin ID 14386


The remote device is missing a vendor-supplied security patch


The remote host has an old version of rsync installed.

There is a flaw in this version of rsync which, due to an input validation error, would allow a remote attacker to gain access to the remote system.

An attacker, exploiting this flaw, would need network access to the TCP port.

Successful exploitation requires that the rsync daemon is *not* running chroot.


Plugin Details

Severity: Medium

ID: 14386

File Name: freebsd_rsync_262_2.nasl

Version: $Revision: 1.12 $

Published: 2004/08/27

Modified: 2011/10/02

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Required KB Items: Host/FreeBSD/pkg_info

Exploit Available: false

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2004-0792

BID: 10938