CVE-2007-4091

Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908
http://c-skills.blogspot.com/2007/08/cve-2007-4091.html
http://secunia.com/advisories/26493
http://secunia.com/advisories/26518
http://secunia.com/advisories/26537
http://secunia.com/advisories/26543
http://secunia.com/advisories/26548
http://secunia.com/advisories/26634
http://secunia.com/advisories/26822
http://secunia.com/advisories/26911
http://secunia.com/advisories/27896
http://secunia.com/advisories/61039
http://security.gentoo.org/glsa/glsa-200709-13.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.481089
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html
http://www.debian.org/security/2007/dsa-1360
http://www.novell.com/linux/security/advisories/2007_17_sr.html
http://www.securityfocus.com/archive/1/477628/100/0/threaded
http://www.securityfocus.com/bid/25336
http://www.trustix.org/errata/2007/0026/
http://www.ubuntu.com/usn/usn-500-1
http://www.vupen.com/english/advisories/2007/2915
https://exchange.xforce.ibmcloud.com/vulnerabilities/36072
https://issues.rpath.com/browse/RPL-1647
http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908
http://c-skills.blogspot.com/2007/08/cve-2007-4091.html
http://secunia.com/advisories/26493
http://secunia.com/advisories/26518
http://secunia.com/advisories/26537
http://secunia.com/advisories/26543
http://secunia.com/advisories/26548
http://secunia.com/advisories/26634
http://secunia.com/advisories/26822
http://secunia.com/advisories/26911
http://secunia.com/advisories/27896
http://secunia.com/advisories/61039
http://security.gentoo.org/glsa/glsa-200709-13.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.481089
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html
http://www.debian.org/security/2007/dsa-1360
http://www.novell.com/linux/security/advisories/2007_17_sr.html
http://www.securityfocus.com/archive/1/477628/100/0/threaded
http://www.securityfocus.com/bid/25336
http://www.trustix.org/errata/2007/0026/
http://www.ubuntu.com/usn/usn-500-1
http://www.vupen.com/english/advisories/2007/2915
https://exchange.xforce.ibmcloud.com/vulnerabilities/36072
https://issues.rpath.com/browse/RPL-1647

Configurations

Configuration 1 (hide)

cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*

History

21 Nov 2024, 00:34

Information

Published : 2007-08-16 00:17

Updated : 2025-04-09 00:30

NVD link : CVE-2007-4091

Mitre link : CVE-2007-4091

CVE.ORG link : CVE-2007-4091

JSON object : View

Products Affected

rsync

rsync

CWE

NVD-CWE-Other

{"id": "CVE-2007-4091", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-08-16T00:17:00.000", "references": [{"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908", "source": "cve@mitre.org"}, {"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26493", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26518", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26537", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26543", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26548", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26634", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26822", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26911", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27896", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/61039", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml", "source": "cve@mitre.org"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.481089", "source": "cve@mitre.org"}, {"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2007/dsa-1360", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25336", "source": "cve@mitre.org"}, {"url": "http://www.trustix.org/errata/2007/0026/", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-500-1", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2915", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072", "source": "cve@mitre.org"}, {"url": "https://issues.rpath.com/browse/RPL-1647", "source": "cve@mitre.org"}, {"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/26493", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/26518", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/26537", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/26543", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/26548", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/26634", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/26822", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/26911", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/27896", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/61039", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.481089", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2007/dsa-1360", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/25336", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.trustix.org/errata/2007/0026/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/usn-500-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/2915", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://issues.rpath.com/browse/RPL-1647", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function."}, {"lang": "es", "value": "M\u00faltiples errores de superaci\u00f3n de l\u00edmite (off-by-one) en sender.c de rsync 2.6.9 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante nombres de directorio que no son manejados adecuadamente al llamar a la funci\u00f3n f_name."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32A205AF-8E75-4AD8-BE0F-EC6A9296D127"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Not vulnerable. This flaw did not affect Red Hat Enterprise Linux 2.1, 3, or 4 due to the version of rsync.\n\nThis flaw does exist in Red Hat Enterprise Linux 5, but due to the nature of the flaw it is not exploitable with any security consequence due to stack-protector.", "lastModified": "2007-08-22T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}

6.8 /10