Bug 407171 (CVE-2007-6200)

Summary: CVE-2007-6200 rsync excluded content access restrictions bypass via symlinks
Product: [Other] Security Response Reporter: Red Hat Product Security <security-response-team>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: bressers, jlieskov, ssorce, tao, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6200
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-03 18:27:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 717458    
Bug Blocks:    

Description Lubomir Kundrak 2007-12-01 03:38:07 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6200 to the following vulnerability:

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.

References:

http://rsync.samba.org/security.html#s3_0_0
http://www.securityfocus.com/bid/26639
http://securitytracker.com/id?1019012
http://secunia.com/advisories/27863
Comment 1 Lubomir Kundrak 2007-12-05 18:34:23 UTC 
The Red Hat Security Response Team has rated this issue as having moderate
security impact, a future update may address this flaw.
Comment 6 Red Hat Bugzilla 2009-10-23 19:04:06 UTC 
Reporter changed to security-response-team by request of Jay Turner.
Comment 7 Vincent Danen 2010-12-22 23:28:44 UTC 
Upstream patches to fix this issue (they have it noted as three issues, not sure if all three got different CVE names or not):

http://rsync.samba.org/ftp/rsync/munge-symlinks-2.6.9.diff
http://rsync.samba.org/ftp/rsync/security/rsync-2.6.9-daemon-exclude.diff
http://rsync.samba.org/ftp/rsync/security/rsync-2.6.9-daemon-ids.diff

These were all fixed in 3.0.0.

Statement:

The Red Hat Security Response Team has rated this issue as having moderate
security impact, a future rsync package update may address this flaw in Red Hat Enterprise Linux 4. This flaw has been addressed in Red Hat Enterprise Linux 5 via RHSA-2011:0999 advisory. This flaw did not affect the version of rsync as shipped with Red Hat Enterprise Linux 6.
Comment 9 errata-xmlrpc 2011-07-21 10:48:24 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:0999 https://rhn.redhat.com/errata/RHSA-2011-0999.html
Comment 10 errata-xmlrpc 2011-07-21 12:29:39 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:0999 https://rhn.redhat.com/errata/RHSA-2011-0999.html
Comment 11 Josh Bressers 2011-08-03 18:27:40 UTC 
Statement:

The Red Hat Security Response Team has rated this issue as having moderate
security impact. This flaw has been addressed in Red Hat Enterprise Linux 5 via RHSA-2011:0999 advisory. This flaw did not affect the version of rsync as shipped with Red Hat Enterprise Linux 6.

Red Hat does not intend to fix this flaw in Red Hat Enterprise Linux 4.