Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Gain root remotely >> rsync path sanitation vulnerability


Vulnerability Assessment Details

rsync path sanitation vulnerability

Vulnerability Assessment Summary
Acertains if rsync is running

Detailed Explanation for this Vulnerability Assessment

A vulnerability has been reported in rsync, which potentially can be exploited
by malicious users to read or write arbitrary files on a vulnerable system.

rsync is a software product for keeping files synched across multiple
systems. Rsync is a network-based program and typically communicates
over TCP port 873.

There is a flaw in this version of rsync which, due to an input validation
error, would permit a remote attacker to gain access to the remote system.

A possible hacker, exploiting this flaw, would need network access to the TCP port.

Successful exploitation requires that the rsync daemon is *not* running chrooted.

*** Since rsync does not advertise its version number
*** and since there are little details about this flaw at
*** this time, this might be a false positive

Solution : Upgrade to rsync 2.6.3 or newer
Network Security Threat Level: High

Networks Security ID: 10938

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 David Maciejak

Cables, Connectors


R281-3C2 2U 12 Bay GPU Server 2Ghz 40-C 128GB 2x10G SFP+ 2x1200W TrueNAS ZFS picture

R281-3C2 2U 12 Bay GPU Server 2Ghz 40-C 128GB 2x10G SFP+ 2x1200W TrueNAS ZFS

$1090.24



Cisco 1100 Terminal - gateway - rack-mountable C1100TGX-1N24P32A picture

Cisco 1100 Terminal - gateway - rack-mountable C1100TGX-1N24P32A

$1000.00



Dell R730xd 12LFF 2.6Ghz 20-C 128GB H730 2x10G+2x1G NIC 2x1100W 12x Trays Rails picture

Dell R730xd 12LFF 2.6Ghz 20-C 128GB H730 2x10G+2x1G NIC 2x1100W 12x Trays Rails

$694.05



R281-3C2 2U 12 Bay GPU Server 2.1Ghz 24-C 128GB 2x10G SFP+ 2x1200W TrueNAS ZFS picture

R281-3C2 2U 12 Bay GPU Server 2.1Ghz 24-C 128GB 2x10G SFP+ 2x1200W TrueNAS ZFS

$960.24



SuperMicro Server 505-2 Intel Atom 2.4GHz 8GB RAM SYS-5018A-FTN4 1U Rackmount picture

SuperMicro Server 505-2 Intel Atom 2.4GHz 8GB RAM SYS-5018A-FTN4 1U Rackmount

$179.99



Dell Poweredge R630 2x Xeon E5-2660 v3 2.6ghz 20-Cores / 32gb / H730 / iDracEnt picture

Dell Poweredge R630 2x Xeon E5-2660 v3 2.6ghz 20-Cores / 32gb / H730 / iDracEnt

$282.92



Dell PowerEdge R730XD 28 Core Server 2X Xeon E5-2680 V4 H730 128GB RAM No HDD picture

Dell PowerEdge R730XD 28 Core Server 2X Xeon E5-2680 V4 H730 128GB RAM No HDD

$389.99



Dell PowerEdge R720XD Xeon E5-2680 V2 2.8GHz 20 Cores 256GB RAM 12x4TB picture

Dell PowerEdge R720XD Xeon E5-2680 V2 2.8GHz 20 Cores 256GB RAM 12x4TB

$510.00



Dell PowerEdge R820 Server 4x E5-4620 2.2GHz 32-Core Total 256GB 0HD 2x 1100w  picture

Dell PowerEdge R820 Server 4x E5-4620 2.2GHz 32-Core Total 256GB 0HD 2x 1100w

$315.00



HP Proliant DL380 G9 2x E5-2680 v4 2.4Ghz 28-Cores 32GB P440ar 2x 300gb 2x 750w picture

HP Proliant DL380 G9 2x E5-2680 v4 2.4Ghz 28-Cores 32GB P440ar 2x 300gb 2x 750w

$139.99



Discussions

No Discussions have been posted on this vulnerability.