Lucene search

[email protected]CVE-2004-2093

HistoryMay 19, 2005 - 4:00 a.m.

CVE-2004-2093

2005-05-1904:00:00

[email protected]

web.nvd.nist.gov

cve-2004-2093

buffer overflow

open socket out

rsync 2.5.7

denial of service

arbitrary code

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.

Affected configurations

NVD

Node

gnursyncRange≤2.5.7

References

archives.neohapsis.com/archives/vuln-dev/2004-q1/0091.html

exchange.xforce.ibmcloud.com/vulnerabilities/15108

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2004-2093

nvd1 debiancve1 cvelist1