Launchpad CVE tracker

CVE 2007-4091

Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.

Related bugs and status

CVE-2007-4091 (Candidate) is related to these bugs:

Bug #133053: Please merge rsync (2.6.9-5) from Debian unstable

Summary				In	Importance	Status
	133053	Please merge rsync (2.6.9-5) from Debian unstable		rsync (Ubuntu)	Undecided	Fix Released

Bug #173608: [rsync] possible execution of arbitrary code

Summary				In	Importance	Status
	173608	[rsync] possible execution of arbitrary code		rsync (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://article.gmane.o...
CONFIRM: http://c-skills.blogsp...
BID: 25336
SUSE: SUSE-SR:2007:017
SECUNIA: 26493
CONFIRM: https://issues.rpath.c...
UBUNTU: USN-500-1
SECUNIA: 26518
SECUNIA: 26537
SECUNIA: 26548
DEBIAN: DSA-1360
SECUNIA: 26634
SECUNIA: 26543
TRUSTIX: 2007-0026
SECUNIA: 26822
GENTOO: GLSA-200709-13
SECUNIA: 26911
SECUNIA: 27896
VUPEN: ADV-2007-2915
CONFIRM: http://support.f5.com/...
SECUNIA: 61039
SLACKWARE: SSA:2007-335-01
XF: rsync-fname-bo(36072)
BUGTRAQ: 20070823 FLEA-2007-004...

Launchpad.net

CVE 2007-4091

Related bugs and status

Related bugs

References