CVE-2004-0426
rsync - directory traversal
EPSS 3.4%
Description
rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.
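The exposure condition in the description (a writable daemon module served without chroot) can be audited from the daemon configuration. The following is an added example, not code from the original page or from the rsync project: it parses an rsyncd.conf and lists modules where both `use chroot` and `read only` are disabled. The sample configuration is constructed, the function names are hypothetical, and the defaults (`use chroot = yes`, `read only = yes`) are assumed from the rsyncd.conf documentation.

```python
import re

# Constructed sample rsyncd.conf for illustration (not from the original page).
SAMPLE_CONF = """\
# global parameters apply to every module unless overridden
use chroot = yes
read only = yes

[backup]
    path = /srv/backup
    read only = no

[upload]
    path = /srv/upload
    use chroot = false
    Read Only = false

[mirror]
    path = /srv/mirror
    use chroot = no
"""

def parse_bool(value, default):
    """rsyncd.conf booleans are yes/no, true/false or 1/0, case-insensitive."""
    v = value.strip().lower()
    return True if v in {"yes", "true", "1"} else False if v in {"no", "false", "0"} else default

def parse_conf(text):
    """Return (global_params, {module: params}); whitespace and case in names are ignored."""
    global_params, modules = {}, {}
    current = global_params
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = modules.setdefault(header.group(1).strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)  # only the first '=' is significant
            current["".join(key.lower().split())] = value.strip()
    return global_params, modules

def exposed_modules(text):
    """Modules that are writable (read only = no) and not chrooted (use chroot = no)."""
    global_params, modules = parse_conf(text)
    flagged = []
    for name, params in modules.items():
        effective = {**global_params, **params}  # module settings override globals
        chrooted = parse_bool(effective.get("usechroot", ""), True)   # assumed default: yes
        read_only = parse_bool(effective.get("readonly", ""), True)   # assumed default: yes
        if not chrooted and not read_only:
            flagged.append(name)
    return sorted(flagged)
```

A flagged module on an rsync version before 2.6.1 matches the condition in the description; the configuration check complements the upgrade and does not replace it.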
How to fix CVE-2004-0426
To remediate CVE-2004-0426, upgrade the affected package to one of the fixed versions listed below.
- Debian/rsync—upgrade to 2.6.1-1 or later
- Debian/rsync—upgrade to 2.5.5-0.5 or later
Is CVE-2004-0426 being exploited?
Low — EPSS is 3.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.6.1-1
- from 0, < 2.5.5-0.5