Test ID:	1.3.6.1.4.1.25623.1.0.51374
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2004:881
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2004:881. rsync[1] is a program used mainly to mirror files between remote sites. rsync before 2.6.1 does not properly sanitize paths[2] when running a read and write daemon without using chroot. This could allow a remote attacker to write files outside of the rsync directory, depending on rsync's daemon privileges. Also, rsync prior to version 2.6.3 has another path sanitization vulnerability[3]. This issue could allow a remote attacker to read or write files outside of the rsync directory. This vulnerability is only exploitable when an rsync daemon is running and not within a chroot, which is not the default configuration. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://rsync.samba.org/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0426 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0792 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:881 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : High CVSS Score: 6.4
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0426 BugTraq ID: 10247 http://www.securityfocus.com/bid/10247 Bugtraq: 20040521 [OpenPKG-SA-2004.025] OpenPKG Security Advisory (rsync) (Google Search) http://marc.info/?l=bugtraq&m=108515912212018&w=2 Computer Incident Advisory Center Bulletin: O-134 http://www.ciac.org/ciac/bulletins/o-134.shtml Computer Incident Advisory Center Bulletin: O-212 http://www.ciac.org/ciac/bulletins/o-212.shtml Debian Security Information: DSA-499 (Google Search) http://www.debian.org/security/2004/dsa-499 http://www.gentoo.org/security/en/glsa/glsa-200407-10.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:042 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9495 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A967 http://www.redhat.com/support/errata/RHSA-2004-192.html http://secunia.com/advisories/11514 http://secunia.com/advisories/11515 http://secunia.com/advisories/11523 http://secunia.com/advisories/11537 http://secunia.com/advisories/11583 http://secunia.com/advisories/11669 http://secunia.com/advisories/11688 http://secunia.com/advisories/11993 http://secunia.com/advisories/12054 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.403462 http://www.trustix.net/errata/misc/2004/TSL-2004-0024-rsync.asc.txt XForce ISS Database: rsync-write-files(16014) https://exchange.xforce.ibmcloud.com/vulnerabilities/16014 Common Vulnerability Exposure (CVE) ID: CVE-2004-0792 Bugtraq: 20040816 TSSA-2004-020-ES - rsync (Google Search) http://marc.info/?l=bugtraq&m=109268147522290&w=2 Bugtraq: 20040817 LNSA-#2004-0017: rsync (Aug, 17 2004) (Google Search) http://marc.info/?l=bugtraq&m=109277141223839&w=2 Debian Security Information: DSA-538 (Google Search) http://www.debian.org/security/2004/dsa-538 http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10561 SuSE Security Announcement: SUSE-SA:2004:026 (Google Search) http://www.novell.com/linux/security/advisories/2004_26_rsync.html http://www.trustix.net/errata/2004/0042/
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.