Vulnerability Details : CVE-2007-4091
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
Vulnerability category: Execute code
Products affected by CVE-2007-4091
- cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-4091
6.94%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-4091
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
Vendor statements for CVE-2007-4091
-
Red Hat 2007-08-22Not vulnerable. This flaw did not affect Red Hat Enterprise Linux 2.1, 3, or 4 due to the version of rsync. This flaw does exist in Red Hat Enterprise Linux 5, but due to the nature of the flaw it is not exploitable with any security consequence due to stack-protector.
References for CVE-2007-4091
-
http://www.ubuntu.com/usn/usn-500-1
USN-500-1: rsync vulnerability | Ubuntu security notices | Ubuntu
-
http://www.debian.org/security/2007/dsa-1360
[SECURITY] [DSA 1360-1] New rsync packages fix arbitrary code execution
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.481089
The Slackware Linux Project: Slackware Security Advisories
-
http://secunia.com/advisories/26518
About Secunia Research | Flexera
-
https://issues.rpath.com/browse/RPL-1647
-
http://secunia.com/advisories/26634
About Secunia Research | Flexera
-
http://www.trustix.org/errata/2007/0026/
Trustix | Empowering Trust and Security in the Digital Age
-
http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908
-
http://c-skills.blogspot.com/2007/08/cve-2007-4091.html
C-skills: CVE-2007-4091
-
http://secunia.com/advisories/26548
About Secunia Research | Flexera
-
http://secunia.com/advisories/26543
About Secunia Research | Flexera
-
http://secunia.com/advisories/26493
About Secunia Research | Flexera
-
http://secunia.com/advisories/26822
About Secunia Research | Flexera
-
http://www.vupen.com/english/advisories/2007/2915
Site en construction
-
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html
Rsync sender.c vulnerability CVE-2007-4091
-
http://secunia.com/advisories/27896
About Secunia Research | Flexera
-
http://www.securityfocus.com/bid/25336
-
http://secunia.com/advisories/26911
About Secunia Research | Flexera
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/36072
rsync f_name() function buffer overflow CVE-2007-4091 Vulnerability Report
-
http://secunia.com/advisories/61039
About Secunia Research | Flexera
-
http://security.gentoo.org/glsa/glsa-200709-13.xml
rsync: Two buffer overflows (GLSA 200709-13) — Gentoo security
-
http://www.novell.com/linux/security/advisories/2007_17_sr.html
404 Page Not Found | SUSE
-
http://www.securityfocus.com/archive/1/477628/100/0/threaded
-
http://secunia.com/advisories/26537
About Secunia Research | Flexera
Jump to