Bug 407171 - (CVE-2007-6200) CVE-2007-6200 rsync excluded content access restrictions bypass via symlinks
CVE-2007-6200 rsync excluded content access restrictions bypass via symlinks
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
http://nvd.nist.gov/nvd.cfm?cvename=C...
public=20071128,reported=20071201,sou...
: Security
Depends On: 717458
Blocks:
  Show dependency treegraph
 
Reported: 2007-11-30 22:38 EST by Red Hat Product Security
Modified: 2011-08-03 14:27 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-08-03 14:27:40 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lubomir Kundrak 2007-11-30 22:38:07 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6200 to the following vulnerability:

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.

References:

http://rsync.samba.org/security.html#s3_0_0
http://www.securityfocus.com/bid/26639
http://securitytracker.com/id?1019012
http://secunia.com/advisories/27863
Comment 1 Lubomir Kundrak 2007-12-05 13:34:23 EST
The Red Hat Security Response Team has rated this issue as having moderate
security impact, a future update may address this flaw.
Comment 6 Red Hat Bugzilla 2009-10-23 15:04:06 EDT
Reporter changed to security-response-team@redhat.com by request of Jay Turner.
Comment 7 Vincent Danen 2010-12-22 18:28:44 EST
Upstream patches to fix this issue (they have it noted as three issues, not sure if all three got different CVE names or not):

http://rsync.samba.org/ftp/rsync/munge-symlinks-2.6.9.diff
http://rsync.samba.org/ftp/rsync/security/rsync-2.6.9-daemon-exclude.diff
http://rsync.samba.org/ftp/rsync/security/rsync-2.6.9-daemon-ids.diff

These were all fixed in 3.0.0.

Statement:

The Red Hat Security Response Team has rated this issue as having moderate
security impact, a future rsync package update may address this flaw in Red Hat Enterprise Linux 4. This flaw has been addressed in Red Hat Enterprise Linux 5 via RHSA-2011:0999 advisory. This flaw did not affect the version of rsync as shipped with Red Hat Enterprise Linux 6.
Comment 9 errata-xmlrpc 2011-07-21 06:48:24 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:0999 https://rhn.redhat.com/errata/RHSA-2011-0999.html
Comment 10 errata-xmlrpc 2011-07-21 08:29:39 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:0999 https://rhn.redhat.com/errata/RHSA-2011-0999.html
Comment 11 Josh Bressers 2011-08-03 14:27:40 EDT
Statement:

The Red Hat Security Response Team has rated this issue as having moderate
security impact. This flaw has been addressed in Red Hat Enterprise Linux 5 via RHSA-2011:0999 advisory. This flaw did not affect the version of rsync as shipped with Red Hat Enterprise Linux 6.

Red Hat does not intend to fix this flaw in Red Hat Enterprise Linux 4.

Note You need to log in before you can comment on or make changes to this bug.