CVE-2004-0792
CVSS 6.4
Published: 2004-10-20 00:00:00
Revised: 2016-10-17 22:49:02

[Original] Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.


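[CNNVD] Rsync Sanitize_path Function Module Path Escaping Vulnerability (CNNVD-200410-082)

        The sanitize_path function in util.c in rsync 2.6.2 and earlier has a directory traversal vulnerability when chroot is disabled. Attackers can read or write certain files.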

- CVSS (Base Score)

CVSS score: 6.4 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:andrew_tridgell:rsync:2.3.2_1.2::alpha
cpe:/a:andrew_tridgell:rsync:2.3.2_1.2::intel
cpe:/a:andrew_tridgell:rsync:2.4.8
cpe:/a:andrew_tridgell:rsync:2.5.7
cpe:/a:andrew_tridgell:rsync:2.4.6
cpe:/a:andrew_tridgell:rsync:2.5.5
cpe:/a:andrew_tridgell:rsync:2.5.6
cpe:/a:andrew_tridgell:rsync:2.3.2_1.2::ppc
cpe:/a:andrew_tridgell:rsync:2.3.2_1.3
cpe:/a:andrew_tridgell:rsync:2.3.2_1.2::m68k
cpe:/a:andrew_tridgell:rsync:2.6
cpe:/a:andrew_tridgell:rsync:2.4.4
cpe:/a:andrew_tridgell:rsync:2.5.3
cpe:/a:andrew_tridgell:rsync:2.6.2
cpe:/a:andrew_tridgell:rsync:2.4.5
cpe:/a:andrew_tridgell:rsync:2.5.4
cpe:/a:andrew_tridgell:rsync:2.5.1
cpe:/a:andrew_tridgell:rsync:2.4.3
cpe:/a:andrew_tridgell:rsync:2.5.2
cpe:/a:andrew_tridgell:rsync:2.6.1
cpe:/a:andrew_tridgell:rsync:2.3.1
cpe:/a:andrew_tridgell:rsync:2.4.0
cpe:/a:andrew_tridgell:rsync:2.3.2
cpe:/a:andrew_tridgell:rsync:2.3.2_1.2::sparc
cpe:/a:andrew_tridgell:rsync:2.4.1
cpe:/a:andrew_tridgell:rsync:2.5.0
cpe:/a:andrew_tridgell:rsync:2.3.2_1.2::arm

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:10561 Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attac...
*OVAL describes in detail how to detect this vulnerability; more technical details for detecting it can be found in the related OVAL definition.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0792
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0792
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200410-082
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=109268147522290&w=2
(UNKNOWN)  BUGTRAQ  20040816 TSSA-2004-020-ES - rsync
http://marc.info/?l=bugtraq&m=109277141223839&w=2
(UNKNOWN)  BUGTRAQ  20040817 LNSA-#2004-0017: rsync (Aug, 17 2004)
http://samba.org/rsync/#security_aug04
(UNKNOWN)  CONFIRM  http://samba.org/rsync/#security_aug04
http://www.debian.org/security/2004/dsa-538
(VENDOR_ADVISORY)  DEBIAN  DSA-538
http://www.gentoo.org/security/en/glsa/glsa-200408-17.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200408-17
http://www.mandriva.com/security/advisories?name=MDKSA-2004:083
(UNKNOWN)  MANDRAKE  MDKSA-2004:083
http://www.novell.com/linux/security/advisories/2004_26_rsync.html
(UNKNOWN)  SUSE  SUSE-SA:2004:026
http://www.trustix.net/errata/2004/0042/
(UNKNOWN)  TRUSTIX  2004-0042

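- Vulnerability Information

Rsync Sanitize_path Function Module Path Escaping Vulnerability
Medium severity  Path traversal
2004-10-20 00:00:00 2006-08-22 00:00:00
Remote
        The sanitize_path function in util.c in rsync 2.6.2 and earlier has a directory traversal vulnerability when chroot is disabled. Attackers can read or write certain files.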

- Vulnerability Information

8829
rsync sanitize_path() Arbitrary File Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public Vendor Verified

- Vulnerability Description

rsync contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker supplies a specially crafted path which causes the sanitize_path() function to generate an absolute filename in place of a relative filename, which will disclose arbitrary file information resulting in a loss of confidentiality.

- Timeline

2004-08-13 Unknown
2004-08-13 Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, rsync has released a patch to address this vulnerability.

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Rsync Sanitize_path Function Module Path Escaping Vulnerability
Input Validation Error 10938
Yes No
2004-08-12 12:00:00 2009-07-12 06:16:00
This issue was reported by the vendor.

- Affected Program Versions

tinysofa enterprise server 2.0
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
rsync rsync 2.6.2
+ OpenPKG OpenPKG 2.1
rsync rsync 2.6.1
rsync rsync 2.6
+ OpenPKG OpenPKG 2.0
rsync rsync 2.5.7
rsync rsync 2.5.6
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.4
+ OpenBSD OpenBSD 3.3
+ OpenBSD OpenBSD 3.2
+ OpenBSD OpenBSD 3.1
+ OpenBSD OpenBSD 3.0
+ OpenPKG OpenPKG 1.3
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG Current
+ Red Hat Fedora Core1
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ Slackware Linux 9.1
+ Slackware Linux 9.0
rsync rsync 2.5.5
+ Conectiva Linux 9.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux 8.1
+ Slackware Linux 8.1
rsync rsync 2.5.4
+ Immunix Immunix OS 7.3
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Multi Network Firewall 2.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
rsync rsync 2.5.3
rsync rsync 2.5.2
+ Immunix Immunix OS 7+
rsync rsync 2.5.1
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
- FreeBSD FreeBSD 4.1
rsync rsync 2.5.0
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
- FreeBSD FreeBSD 4.1
rsync rsync 2.4.8
rsync rsync 2.4.6
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ EnGarde Secure Linux 1.0.1
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
rsync rsync 2.4.5
rsync rsync 2.4.4
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
rsync rsync 2.4.3
+ Caldera OpenLinux 3.1 -IA64
+ Caldera OpenLinux 2.3
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ Trustix Secure Linux 1.1
rsync rsync 2.4.1
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ Trustix Secure Linux 1.0 1
rsync rsync 2.4.0
rsync rsync 2.3.2 -1.3
rsync rsync 2.3.2 -1.2 sparc
+ Debian Linux 2.2 sparc
rsync rsync 2.3.2 -1.2 PPC
+ Debian Linux 2.2 powerpc
rsync rsync 2.3.2 -1.2 m68k
+ Debian Linux 2.2 68k
rsync rsync 2.3.2 -1.2 intel
+ Debian Linux 2.2 IA-32
rsync rsync 2.3.2 -1.2 ARM
+ Debian Linux 2.2 arm
rsync rsync 2.3.2 -1.2 alpha
+ Debian Linux 2.2 alpha
rsync rsync 2.3.2
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
rsync rsync 2.3.1
+ Caldera OpenLinux eBuilder 3.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Conectiva Linux 10.0
Conectiva Linux 9.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Converged Communications Server 2.0

- Vulnerability Discussion

If an rsync server is installed as a daemon with a read/write enabled module without using the 'chroot' option, it is possible that a remote attacker could read/write files outside of the configured module path. Rsync does not properly sanitize the paths when not running with chroot. The problem exists in the 'sanitize_path' function.

This could potentially be exploited to execute arbitrary code by corrupting or placing arbitrary files on the system. Destruction of data could also result, possibly causing a denial of service condition. Other attacks could also occur, depending on the attacker's motives.
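
As an added illustration (not part of the advisory and not rsync project code), the Python below audits an rsyncd.conf for the exposure condition described above: modules whose effective 'use chroot' setting is off, noting which of them are writable. The sample configuration is constructed, and the assumed defaults are 'use chroot = yes' and 'read only = yes'.

```python
import re

TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}

# Constructed sample rsyncd.conf; module names and paths are made up.
SAMPLE_CONF = """\
use chroot = no
[mirror]
path = /srv/mirror
[upload]
path = /srv/upload
read only = no
[jailed]
path = /srv/jailed
Use Chroot = yes
"""

def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}); names lowercased, whitespace removed."""
    global_params, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:                           # start of a [module] section
            current = modules.setdefault(section.group(1).strip(), {})
        elif "=" in line:                     # only the first '=' is significant
            key, value = line.split("=", 1)
            target = global_params if current is None else current
            target["".join(key.lower().split())] = value.strip()
    return global_params, modules

def as_bool(value, default):
    value = value.strip().lower()
    return True if value in TRUE else False if value in FALSE else default

def modules_without_chroot(text):
    """List (module, access) pairs whose effective 'use chroot' is off."""
    global_params, modules = parse_rsyncd_conf(text)
    findings = []
    for name, params in modules.items():
        effective = {**global_params, **params}   # module values override globals
        chroot = as_bool(effective.get("usechroot", ""), True)      # assumed default: yes
        read_only = as_bool(effective.get("readonly", ""), True)    # assumed default: yes
        if not chroot:
            findings.append((name, "read-only" if read_only else "read/write"))
    return findings
```

Any module this reports on a host running rsync 2.6.2 or earlier depends on sanitize_path alone to confine client-supplied paths.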

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Fixes are not currently available; customers are advised to follow Red Hat (RHSA-2004:436-07) vendor recommendations to resolve this issue. Please see the referenced Avaya advisory at the following location for further details:
http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=201982&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()

Red Hat has released advisory RHSA-2004:436-07 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

OpenPKG has released a security advisory (OpenPKG-SA-2004.037) to address this issue. Please see the referenced advisory for more information.

SUSE has released a security advisory (SUSE-SA:2004:026) to address this issue. Please see the referenced advisory for more information.

tinysofa has released a security advisory (TSSA-2004-020-ES) to address this issue. Please see the referenced advisory for further information.

Debian has released advisory DSA 538-1 to address this issue. Please see the attached advisory for further information.

Trustix has released advisory TSLSA-2004-0042 to address this issue. Please see the attached advisory for further information.

Gentoo has released updates to address this issue. Updates may be applied with the following commands:
emerge sync
emerge -pv ">=net-misc/rsync-2.6.0-r3"
emerge ">=net-misc/rsync-2.6.0-r3"

Netwosix has released advisory LNSA-#2004-0017 to address this issue. Please see the attached advisory for further information.

Mandrake has released an advisory (MDKSA-2004:083) to address this issue. Please see the referenced advisory for more information.

RedHat has released two advisories (FEDORA-2004-268, FEDORA-2004-269) to address this issue in Fedora Core 1 and Fedora Core 2. Please see the referenced advisories for more information.

Turbolinux has released an advisory (TLSA-2004-20) to address this issue. Please see the referenced advisory for more information.

RedHat has released a Fedora legacy advisory (FLSA:2003) to address various issues in rsync. This advisory fixes these issues in Red Hat Linux 7.3 and 9 running on the i386 architecture. Please see the referenced advisory for more details and information about obtaining fixes.

Slackware Linux has released an advisory (SSA:2004-285-01) along with fixes dealing with this issue. For more information please see the referenced advisory.

Conectiva Linux has released advisory CLA-2004:881 along with fixes dealing with this issue. Please see the referenced advisory for more information.


tinysofa enterprise server 2.0

rsync rsync 2.4.6

rsync rsync 2.5.4

rsync rsync 2.5.5

rsync rsync 2.5.6

rsync rsync 2.5.7

rsync rsync 2.6

rsync rsync 2.6.2
