NVD Vulnerability Detail

CVE-2004-0792

Summary	Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.
Publication Date	Oct. 20, 2004, 1 p.m.
Registration Date	Jan. 29, 2021, 6 p.m.
Last Update	Oct. 11, 2017, 10:29 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:andrew_tridgell:rsync:2.3.1:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.3.2:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2::alpha:::::
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2::arm:::::
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2::intel:::::
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2::m68k:::::
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2::ppc:::::
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2::sparc:::::
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.3:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.4.0:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.4.1:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.4.3:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.4.4:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.4.5:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.4.6:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.4.8:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.5.0:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.5.1:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.5.2:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.5.3:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.5.4:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.5.5:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.5.6:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.5.7:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.6:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.6.1:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.6.2:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://marc.info/?l=bugtraq&m=109268147522290&w=2	BUGTRAQ
2	http://marc.info/?l=bugtraq&m=109277141223839&w=2	BUGTRAQ
3	http://samba.org/rsync/#security_aug04	CONFIRM
4	http://www.debian.org/security/2004/dsa-538	DEBIAN	Patch Vendor Advisory
5	http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml	GENTOO	Patch Vendor Advisory
6	http://www.mandriva.com/security/advisories?name=MDKSA-2004:083	MANDRAKE
7	http://www.novell.com/linux/security/advisories/2004_26_rsync.html	SUSE
8	http://www.trustix.net/errata/2004/0042/	TRUSTIX
9	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10561	OVAL

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:andrew_tridgell:rsync:2.3.1:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.3.2:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2::alpha:::::
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2::arm:::::
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2::intel:::::
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2::m68k:::::
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2::ppc:::::
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2::sparc:::::
cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.3:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.4.0:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.4.1:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.4.3:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.4.4:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.4.5:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.4.6:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.4.8:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.5.0:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.5.1:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.5.2:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.5.3:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.5.4:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.5.5:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.5.6:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.5.7:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.6:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.6.1:::::::*
cpe:2.3:a:andrew_tridgell:rsync:2.6.2:::::::*