Rsync sanitize_path Function Path Bypass Vulnerability

admin 2022-07-15 15:18:43 CNNVD Vulnerabilities Source: ZONE.CI Global Network

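Vulnerability Details

Rsync sanitize_path Function Path Bypass Vulnerability

  • CNNVD ID: CNNVD-200410-082
  • Severity: Medium
  • CVE ID: CVE-2004-0792
  • Vulnerability type: Path traversal
  • Published: 2004-10-20
  • Threat type: Remote
  • Updated: 2006-08-22
  • Vendor: andrew_tridgell
  • Vulnerability source: Rsync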

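Vulnerability Summary

The sanitize_path function in util.c in rsync 2.6.2 and earlier has a directory traversal vulnerability when chroot is disabled. An attacker can read or write certain files.

Vulnerability Advisories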

Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Fixes are not currently available; customers are advised to follow Red Hat (RHSA-2004:436-07) vendor recommendations to resolve this issue. Please see the referenced Avaya advisory at the following location for further details: http://support.avaya.com/jApple/CSS/jApple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=201982&PAGE=avaya.CSS.CSSLvl1Detail&executeTransaction=avaya.CSS.UsageUpdate()

Red Hat has released advisory RHSA-2004:436-07 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

OpenPKG has released a security advisory (OpenPKG-SA-2004.037) to address this issue. Please see the referenced advisory for more information.

SUSE has released a security advisory (SUSE-SA:2004:026) to address this issue. Please see the referenced advisory for more information.

tinysofa has released a security advisory (TSSA-2004-020-ES) to address this issue. Please see the referenced advisory for further information.

Debian has released advisory DSA 538-1 to address this issue. Please see the attached advisory for further information.

Trustix has released advisory TSLSA-2004-0042 to address this issue. Please see the attached advisory for further information.

Gentoo has released updates to address this issue. Updates may be applied with the following commands:

    emerge sync
    emerge -pv ">=net-misc/rsync-2.6.0-r3"
    emerge ">=net-misc/rsync-2.6.0-r3"

Netwosix has released advisory LNSA-#2004-0017 to address this issue. Please see the attached advisory for further information.

Mandrake has released an advisory (MDKSA-2004:083) to address this issue. Please see the referenced advisory for more information.

RedHat has released two advisories (FEDORA-2004-268, FEDORA-2004-269) to address this issue in Fedora Core 1 and Fedora Core 2. Please see the referenced advisories for more information.

Turbolinux has released an advisory (TLSA-2004-20) to address this issue. Please see the referenced advisory for more information.

RedHat has released a Fedora legacy advisory (FLSA:2003) to address various issues in rsync. This advisory fixes these issues in Red Hat Linux 7.3 and 9 running on the i386 architecture. Please see the referenced advisory for more details and information about obtaining fixes.

Slackware Linux has released an advisory (SSA:2004-285-01) along with fixes dealing with this issue. For more information please see the referenced advisory.

Conectiva Linux has released advisory CLA-2004:881 along with fixes dealing with this issue. Please see the referenced advisory for more information.

tinysofa enterprise server 2.0

  • tinysofa rsync-2.6.2-2ts.i386.rpm: http://http.tinysofa.org/pub/tinysofa/updates/server-2.0/i386/tinysofa/rpms.updates/rsync-2.6.2-2ts.i386.rpm

rsync rsync 2.4.6

  • TurboLinux rsync-2.6.2-2.i586.rpm (TurboLinux 7 Server): ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/rsync-2.6.2-2.i586.rpm
  • TurboLinux rsync-2.6.2-2.i586.rpm (TurboLinux 7 Workstation): ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/rsync-2.6.2-2.i586.rpm

rsync rsync 2.5.4

  • TurboLinux rsync-2.6.2-2.i586.rpm (TurboLinux 8 Workstation): ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/rsync-2.6.2-2.i586.rpm

rsync rsync 2.5.5

  • Debian rsync_2.5.5-0.6_alpha.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_alpha.deb
  • Debian rsync_2.5.5-0.6_arm.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_arm.deb
  • Debian rsync_2.5.5-0.6_hppa.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_hppa.deb
  • Debian rsync_2.5.5-0.6_i386.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_i386.deb
  • Debian rsync_2.5.5-0.6_ia64.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_ia64.deb
  • Debian rsync_2.5.5-0.6_m68k.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_m68k.deb
  • Debian rsync_2.5.5-0.6_mips.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_mips.deb
  • Debian rsync_2.5.5-0.6_mipsel.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_mipsel.deb
  • Debian rsync_2.5.5-0.6_powerpc.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_powerpc.deb
  • Debian rsync_2.5.5-0.6_s390.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_s390.deb
  • Debian rsync_2.5.5-0.6_sparc.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_sparc.deb
  • Mandrake rsync-2.5.5-5.3.C21mdk.i586.rpm (Mandrake Corporate Server 2.1): http://www.mandrakesecure.net/en/ftp.php
  • Mandrake rsync-2.5.5-5.3.C21mdk.x86_64.rpm (Mandrake Corporate Server 2.1/x86_64): http://www.mandrakesecure.net/en/ftp.php
  • SuSE rsync-2.6.2-25.i586.patch.rpm: ftp://ftp.suse.com/pub

References

  • Source: GENTOO. Name: GLSA-200408-17. Link: http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml
  • Source: DEBIAN. Name: DSA-538. Link: http://www.debian.org/security/2004/dsa-538
  • Source: TRUSTIX. Name: 2004-0042. Link: http://www.trustix.net/errata/2004/0042/
  • Source: SUSE. Name: SUSE-SA:2004:026. Link: http://www.novell.com/linux/security/advisories/2004_26_rsync.HTML
  • Source: samba.org. Link: http://samba.org/rsync/#security_aug04
  • Source: OVAL. Name: oval:org.mitre.oval:def:10561. Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10561
  • Source: BUGTRAQ. Name: 20040817 LNSA-#2004-0017: rsync (Aug, 17 2004). Link: http://marc.theaimsgroup.com/?l=bugtraq&m=109277141223839&w=2
  • Source: BUGTRAQ. Name: 20040816 TSSA-2004-020-ES - rsync. Link: http://marc.theaimsgroup.com/?l=bugtraq&m=109268147522290&w=2
  • Source: MANDRAKE. Name: MDKSA-2004:083. Link: http://www.mandriva.com/security/advisories?name=MDKSA-2004:083

Affected Entities

  • Andrew_tridgell Rsync:2.6.2  
  • Andrew_tridgell Rsync:2.6.1  
  • Andrew_tridgell Rsync:2.6  
  • Andrew_tridgell Rsync:2.5.7  
  • Andrew_tridgell Rsync:2.5.6  

Patches

    None available
