Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-6200

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.

Published

2007-12-01T06:46:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	slackware	slackware_linux	8.1	No
Operating System	slackware	slackware_linux	9.0	No
Operating System	slackware	slackware_linux	9.1	No
Operating System	slackware	slackware_linux	10.0	No
Operating System	slackware	slackware_linux	10.1	No
Operating System	slackware	slackware_linux	10.2	No
Operating System	slackware	slackware_linux	11.0	No
Operating System	slackware	slackware_linux	12.0	No
Application	rsync	rsync	2.3.1	Yes
Application	rsync	rsync	2.3.2	Yes
Application	rsync	rsync	2.3.2_1.2alpha	Yes
Application	rsync	rsync	2.3.2_1.2arm	Yes
Application	rsync	rsync	2.3.2_1.2intel	Yes
Application	rsync	rsync	2.3.2_1.2m68k	Yes
Application	rsync	rsync	2.3.2_1.2ppc	Yes
Application	rsync	rsync	2.3.2_1.2sparc	Yes
Application	rsync	rsync	2.3.2_1.3	Yes
Application	rsync	rsync	2.4.0	Yes
Application	rsync	rsync	2.4.1	Yes
Application	rsync	rsync	2.4.3	Yes
Application	rsync	rsync	2.4.4	Yes
Application	rsync	rsync	2.4.5	Yes
Application	rsync	rsync	2.4.6	Yes
Application	rsync	rsync	2.4.8	Yes
Application	rsync	rsync	2.5.0	Yes
Application	rsync	rsync	2.5.1	Yes
Application	rsync	rsync	2.5.2	Yes
Application	rsync	rsync	2.5.3	Yes
Application	rsync	rsync	2.5.4	Yes
Application	rsync	rsync	2.5.5	Yes
Application	rsync	rsync	2.5.6	Yes
Application	rsync	rsync	2.5.7	Yes
Application	rsync	rsync	2.6	Yes
Application	rsync	rsync	2.6.1	Yes
Application	rsync	rsync	2.6.2	Yes
Application	rsync	rsync	2.6.5	Yes
Application	rsync	rsync	2.6.6	Yes
Application	rsync	rsync	2.6.7	Yes
Application	rsync	rsync	2.6.8	Yes
Application	rsync	rsync	2.6.9	Yes

References

http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html ([email protected])
http://rsync.samba.org/security.html#s3_0_0 Vendor Advisory ([email protected])
http://secunia.com/advisories/27853 ([email protected])
http://secunia.com/advisories/27863 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/28412 ([email protected])
http://secunia.com/advisories/28457 ([email protected])
http://secunia.com/advisories/31326 ([email protected])
http://securitytracker.com/id?1019012 ([email protected])
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257 ([email protected])
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011 ([email protected])
http://www.redhat.com/support/errata/RHSA-2011-0999.html ([email protected])
http://www.securityfocus.com/archive/1/487991/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/26639 ([email protected])
http://www.vupen.com/english/advisories/2007/4057 ([email protected])
http://www.vupen.com/english/advisories/2008/2268 ([email protected])
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html (af854a3a-2127-422b-91ae-364da2661108)
http://rsync.samba.org/security.html#s3_0_0 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27853 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27863 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28412 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28457 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31326 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1019012 (af854a3a-2127-422b-91ae-364da2661108)
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011 (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-0999.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/487991/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/26639 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/4057 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/2268 (af854a3a-2127-422b-91ae-364da2661108)