Launchpad.net

CVE 2007-6200

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.

Related bugs and status

CVE-2007-6200 (Candidate) is related to these bugs:

Bug #174133: [CVE-2007-6199 and CVE-2007-6200] rsync is vulnerable

Summary				In	Importance	Status
	174133	[CVE-2007-6199 and CVE-2007-6200] rsync is vulnerable		rsync (Ubuntu)	High	Fix Released
	174133	[CVE-2007-6199 and CVE-2007-6200] rsync is vulnerable		rsync (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://rsync.samba.org...
BID: 26639
SECTRACK: 1019012
SECUNIA: 27863
CONFIRM: http://wiki.rpath.com/...
SECUNIA: 27853
MANDRIVA: MDVSA-2008:011
SUSE: SUSE-SR:2008:001
SECUNIA: 28412
SECUNIA: 28457
APPLE: APPLE-SA-2008-07-31
SECUNIA: 31326
VUPEN: ADV-2007-4057
VUPEN: ADV-2008-2268
REDHAT: RHSA-2011:0999
BUGTRAQ: 20080212 FLEA-2008-000...