rsync Unspecified Remote Heap Overflow

2003-12-04T06:11:40
ID OSVDB:2898
Type osvdb
Reporter OSVDB
Modified 2003-12-04T06:11:40

Description

Vulnerability Description

Due to an unspecified boundary error in the rsync server, a remote attacker can trigger a heap overflow and execute commands remotely. If exploited, the attacker could run commands under the same UID as the rsync server.

Solution Description

Upgrade to version 2.5.7 or higher, as it has been reported to fix this vulnerability. Disabling the rsync server service completely is a temporary workaround.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 10353
Nessus Plugin ID: 11943
Nessus Plugin ID: 14093
Nessus Plugin ID: 12609
Nessus Plugin ID: 13666
Nessus Plugin ID: 12440
Nessus Plugin ID: 13818
ISS X-Force ID: 13899
CVE-2003-0962