Search for vulnerabilities
Vulnerability details: VCID-d8sv-8auf-aaas
Vulnerability ID VCID-d8sv-8auf-aaas
Aliases CVE-2007-4091
Summary Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-193 Off-by-one Error
System Score Found at
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.06935 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.07692 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.18114 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.18114 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.18114 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.18114 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.18114 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.18114 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.18114 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.18114 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.18114 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.18114 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.18114 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.18114 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.18114 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
epss 0.18114 https://api.first.org/data/v1/epss?cve=CVE-2007-4091
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=252394
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2007-4091
Reference id Reference type URL
http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908
http://c-skills.blogspot.com/2007/08/cve-2007-4091.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4091.json
https://api.first.org/data/v1/epss?cve=CVE-2007-4091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
http://secunia.com/advisories/26493
http://secunia.com/advisories/26518
http://secunia.com/advisories/26537
http://secunia.com/advisories/26543
http://secunia.com/advisories/26548
http://secunia.com/advisories/26634
http://secunia.com/advisories/26822
http://secunia.com/advisories/26911
http://secunia.com/advisories/27896
http://secunia.com/advisories/61039
http://security.gentoo.org/glsa/glsa-200709-13.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/36072
https://issues.rpath.com/browse/RPL-1647
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.481089
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html
http://www.debian.org/security/2007/dsa-1360
http://www.novell.com/linux/security/advisories/2007_17_sr.html
http://www.securityfocus.com/archive/1/477628/100/0/threaded
http://www.securityfocus.com/bid/25336
http://www.trustix.org/errata/2007/0026/
http://www.ubuntu.com/usn/usn-500-1
http://www.vupen.com/english/advisories/2007/2915
252394 https://bugzilla.redhat.com/show_bug.cgi?id=252394
438125 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=438125
cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*
CVE-2007-4091 https://nvd.nist.gov/vuln/detail/CVE-2007-4091
GLSA-200709-13 https://security.gentoo.org/glsa/200709-13
USN-500-1 https://usn.ubuntu.com/500-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-4091
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.90542
EPSS Score 0.06935
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.