CVE-2004-0426

EPSS 3.4%

rsync - directory traversal

Published: 7/7/2004Modified: 4/28/2026

Also known as:DEBIAN-CVE-2004-0426

Description

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.

Affected packages (2)

Debian/rsyncfrom 0, < 2.6.1-1
Debian/rsyncfrom 0, < 2.5.5-0.5

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2004-0426