Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2004:192

The remote host is missing updates announced in
advisory RHSA-2004:192.

Rsync is a program for synchronizing files over a network.

Rsync before 2.6.1 does not properly sanitize paths when running a
read/write daemon without using chroot. This could allow a remote attacker
to write files outside of the module's path, depending on the privileges
assigned to the rsync daemon. Users not running an rsync daemon, running a
read-only daemon, or running a chrooted daemon are not affected by this
issue. The Common Vulnerabilities and Exposures project (
has assigned the name CVE-2004-0426 to this issue.

Users of Rsync are advised to upgrade to this updated package, which
contains a backported patch and is not affected by this issue.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Medium

CVSS Score:

Cross-Ref: BugTraq ID: 10247
Common Vulnerability Exposure (CVE) ID: CVE-2004-0426
Bugtraq: 20040521 [OpenPKG-SA-2004.025] OpenPKG Security Advisory (rsync) (Google Search)
Computer Incident Advisory Center Bulletin: O-134
Computer Incident Advisory Center Bulletin: O-212
Debian Security Information: DSA-499 (Google Search)
XForce ISS Database: rsync-write-files(16014)
CopyrightCopyright (c) 2005 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.