CVE-2007-4091
rsync - arbitrary code execution
EPSS 10.4%
Description
Multiple off-by-one errors in sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
How to fix CVE-2007-4091
To remediate CVE-2007-4091, upgrade the affected package to one of the fixed versions listed below.
- Debian/rsync: upgrade to 2.6.9-5 or later
- Debian/rsync: upgrade to 2.6.9-2etch1 or later
Is CVE-2007-4091 being exploited?
Moderate: EPSS is 10.4%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 2.6.9-5
- from 0, < 2.6.9-2etch1