2466 matches found
CVE-2007-4091
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function...
Arbitrary Code Execution
Overview: Affected versions of this package are vulnerable to Arbitrary Code Execution. Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. Remediation...
DEBIAN-CVE-2007-4091
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function...
CVE-2007-4091
CVE-2007-4091 concerns rsync 2.6.9 where multiple off-by-one errors in sender.c (in the f_name handling) could allow remote attackers to execute arbitrary code. The description is consistently stated across multiple sources tied to rsync, highlighting the vulnerable component as sender.c and the ...
rsync -- off by one stack overflow
BugTraq reports: The rsync utility is prone to an off-by-one buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input. Successfully exploiting this issue may allow arbitrary code-execution in the context of the affected utility...
SOL5165 - rsync directory traversal vulnerability - CAN-2004-0792
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. Information about this advisory is available at the following location:...
[slackware-security] file [and bin package]
New file packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and -current to fix a security issue. NOTE: In Slackware 11.0 and earlier, the file utility was part of the required "bin" package, so this patch is needed even if your machine does not have a "file" package...
Buffer overflow
Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin...
Fedora Core 5 : rsync-2.6.8-1.FC5 (2006-599)
Mon May 8 2006 Jay Fenlason 2.6.8-1.FC5 - New upstream release - Use the upstream xattr patch instead of mine. This closes bz190208 CVE-2006-2083 rsync buffer overflow issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
Fedora Core 4 : rsync-2.6.8-1.FC4 (2006-601)
Fri May 26 2006 Jay Fenlason 2.6.8-1.FC4 - Upgrade to 2.6.8, which closes bz190208 CVE-2006-2083 rsync buffer overflow issue by switching from my xattrs patch to the upstream one. This also obsoletes the -address patch. Note that Tenable Network Security has extracted the preceding description...
FreeBSD : scponly -- local privilege escalation exploits (b5a49db7-72fc-11da-9827-021106004fd6)
Max Vozeler reports: If ALL the following conditions are true, administrators using scponly-4.1 or older may be at risk of a local privilege escalation exploit: - the chrooted setuid scponlyc binary is installed - regular non-scponly users have interactive shell access to the box - a user...
GLSA-200605-05 : rsync: Potential integer overflow
The remote host is affected by the vulnerability described in GLSA-200605-05 (rsync: Potential integer overflow). An integer overflow was found in the receive_xattr function from the extended attributes patch (xattr.c) for rsync. The vulnerable function is only present when the 'acl' USE flag is set...
[Full-disclosure] [ GLSA 200605-05 ] rsync: Potential integer overflow
Gentoo Linux Security Advisory GLSA 200605-05 http://security.gentoo.org/ Severity:...
rsync: Potential integer overflow
Background: rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. Description: An integer overflow was found in the receive_xattr function from the extended...
rsync integer overflow
receive_xattr integer overflow...
CVE-2006-2083
Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow...
Integer overflow
Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow...