Fluid Attacks Database

Description

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	rsync	>=0 <2.6.9-6	2.6.9-6
debian 11	rsync	>=0 <2.6.9-6	2.6.9-6
debian 12	rsync	>=0 <2.6.9-6	2.6.9-6
debian 14	rsync	>=0 <2.6.9-6	2.6.9-6
rpm rhel5	rsync	<0:3.0.6-4.el5	0:3.0.6-4.el5

Aliases

1. CVE-2007-62002. NVD-2007-62003. OSV-DEBIAN-2007-62004. OSV-2007-62005. SECURITY-TRACKER-CVE-2007-6200

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.