Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200709-13
HistorySep 20, 2007 - 12:00 a.m.

rsync: Two buffer overflows

2007-09-2000:00:00
Gentoo Foundation
security.gentoo.org
11

0.184 Low

EPSS

Percentile

96.2%

JSON

Background

rsync is a file transfer program to keep remote directories synchronized.

Description

Sebastian Krahmer from the SUSE Security Team discovered two off-by-one errors in the function “f_name()” in file sender.c when processing overly long directory names.

Impact

A remote attacker could entice a user to synchronize a repository containing specially crafted directories, leading to the execution of arbitrary code with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All rsync users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/rsync-2.6.9-r3"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/rsync< 2.6.9-r3UNKNOWN

Related

prion 1
nessus 8
securityvulns 2
cvelist 1
ubuntu 1
f5 2
openvas 14
debian 1
debiancve 1
slackware 1
freebsd 1
ubuntucve 1
cve 1
prion
prion
Code injection
2007-08-16 00:17:00
nessus
nessus
Debian DSA-1360-1 : rsync - buffer overflow
2007-09-03 00:00:00
SuSE 10 Security Update : rsync (ZYPP Patch Number 3997)
2007-12-13 00:00:00
F5 Networks BIG-IP : Rsync sender.c vulnerability (SOL15548)
2014-10-10 00:00:00
securityvulns
securityvulns
[ MDKSA-2007:166 ] - Updated rsync packages fix off-by-one buffer overflow
2007-08-21 00:00:00
Rsync off-by-one buffer overflow
2007-08-21 00:00:00
cvelist
cvelist
CVE-2007-4091
2007-08-16 00:00:00
ubuntu
ubuntu
rsync vulnerability
2007-08-20 00:00:00
f5
f5
K15548 : Rsync sender.c vulnerability CVE-2007-4091
2015-04-29 00:00:00
SOL15548 - Rsync sender.c vulnerability CVE-2007-4091
2014-09-04 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2007-335-01)
2012-09-10 00:00:00
Slackware Advisory SSA:2007-335-01 rsync
2012-09-11 00:00:00
FreeBSD Ports: rsync
2008-09-04 00:00:00
debian
debian
[SECURITY] [DSA 1360-1] New rsync packages fix arbitrary code execution
2007-08-28 00:00:00
debiancve
debiancve
CVE-2007-4091
2007-08-16 00:17:00
slackware
slackware
[slackware-security] rsync
2007-12-02 03:11:40
freebsd
freebsd
rsync -- off by one stack overflow
2007-08-15 00:00:00
ubuntucve
ubuntucve
CVE-2007-4091
2007-08-16 00:00:00
cve
cve
CVE-2007-4091
2007-08-16 00:17:00

0.184 Low

EPSS

Percentile

96.2%

JSON
Related for GLSA-200709-13
prion1nessus8securityvulns2cvelist1ubuntu1f52openvas14debian1debiancve1slackware1freebsd1ubuntucve1cve1