RSYNC: File Overwrite and Directory Traversal
This signature detects directory traversal attempts against rsync. Rsync enables users to specify a backup path outside of the main rsync tree. Attackers can specify a backup path that includes ".." characters to move one directory level higher.
Extended Description
If an rsync server is installed as a daemon with a read/write enabled module without using the 'chroot' option, it is possible that a remote attacker could write files outside of the configure module path. Rsync does not properly sanitize the paths when not running with chroot. The result is that attackers may potentially write files to the system, resulting in various consequences such as execution of arbitrary code or denial of service.
Affected Products
Rsync rsync
References
BugTraq: 10247
CVE: CVE-2004-0426
URL: http://oval.mitre.org/oval/definitions/data/oval967.html http://rsync.samba.org/
Short Name
RSYNC:DIR-TRAV
Severity
Minor
Recommended
False
Recommended Action
None
Category
RSYNC
Keywords
CVE-2004-0426 Directory File Overwrite Traversal and bid:10247
Release Date
05/12/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/873
False Positive
Unknown
Vendors
Red_hat
Rsync
Conectiva
Apple
Mandriva
Debian
CVSS Score
5.0