CyberSec.Space Logo
Back to CVE Browser

CVE-2007-6200

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1900%
EPSS Percentile42.66th
PublishedDec 1, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.

Affected Platforms (CPE)

πŸ“¦
Rsync

Rsync

= 2.3.1
πŸ“¦
Rsync

Rsync

= 2.3.2
πŸ“¦
Rsync

Rsync

= 2.3.2_1.2alpha
πŸ“¦
Rsync

Rsync

= 2.3.2_1.2arm
πŸ“¦
Rsync

Rsync

= 2.3.2_1.2intel
πŸ“¦
Rsync

Rsync

= 2.3.2_1.2m68k
πŸ“¦
Rsync

Rsync

= 2.3.2_1.2ppc
πŸ“¦
Rsync

Rsync

= 2.3.2_1.2sparc
πŸ“¦
Rsync

Rsync

= 2.3.2_1.3
πŸ“¦
Rsync

Rsync

= 2.4.0
πŸ“¦
Rsync

Rsync

= 2.4.1
πŸ“¦
Rsync

Rsync

= 2.4.3
πŸ“¦
Rsync

Rsync

= 2.4.4
πŸ“¦
Rsync

Rsync

= 2.4.5
πŸ“¦
Rsync

Rsync

= 2.4.6
πŸ“¦
Rsync

Rsync

= 2.4.8
πŸ“¦
Rsync

Rsync

= 2.5.0
πŸ“¦
Rsync

Rsync

= 2.5.1
πŸ“¦
Rsync

Rsync

= 2.5.2
πŸ“¦
Rsync

Rsync

= 2.5.3
πŸ“¦
Rsync

Rsync

= 2.5.4
πŸ“¦
Rsync

Rsync

= 2.5.5
πŸ“¦
Rsync

Rsync

= 2.5.6
πŸ“¦
Rsync

Rsync

= 2.5.7
πŸ“¦
Rsync

Rsync

= 2.6
πŸ“¦
Rsync

Rsync

= 2.6.1
πŸ“¦
Rsync

Rsync

= 2.6.2
πŸ“¦
Rsync

Rsync

= 2.6.5
πŸ“¦
Rsync

Rsync

= 2.6.6
πŸ“¦
Rsync

Rsync

= 2.6.7
πŸ“¦
Rsync

Rsync

= 2.6.8
πŸ“¦
Rsync

Rsync

= 2.6.9

References & Advisories

πŸ”— http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
πŸ”— http://rsync.samba.org/security.html#s3_0_0
πŸ”— http://secunia.com/advisories/27853
πŸ”— http://secunia.com/advisories/27863
πŸ”— http://secunia.com/advisories/28412
πŸ”— http://secunia.com/advisories/28457
πŸ”— http://secunia.com/advisories/31326

Related Vulnerabilities

CVE-2015-093210.0

The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, ...

CVE-2002-004810.0

Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allo...

CVE-2017-165489.8

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xat...

CVE-2017-159949.8

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass inten...