2463 matches found
security flaw
Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail...
Critical: Red Hat Security Advisory: New rsync packages fix remote security vulnerability
Updated rsync packages are now available that fix a heap overflow in the rsync server. rsync is a program for synchronizing files over the network. A heap overflow bug exists in rsync versions prior to 2.5.7. On machines where the rsync server has been enabled, a remote attacker could use this fla...
[SECURITY] [DSA 404-1] New rsync packages fix unauthorised remote code execution
Debian Security Advisory DSA 404-1, http://www.debian.org/security/, Martin Schulze, December 4th, 2003, http://www.debian.org/security/faq -...
[slackware-security] rsync security update
Rsync is a file transfer client and server. A security problem which may lead to unauthorized machine access or code execution has been fixed by upgrading to rsync-2.5.7. This problem only affects machines running rsync in daemon mode, and is easier to exploit if the non-default option "use chroo...
RSync Daemon Mode Undisclosed Remote Heap Overflow Vulnerability
Description: rsync has been reported prone to an undisclosed heap overflow vulnerability when running in daemon mode. The issue has been reported to be remotely exploitable and to allow execution of arbitrary code. Technologies Affected: Apple Mac OS X 10.2.8, Apple Mac OS X 10.3.2, Apple...
rsync: exploitable heap overflow
Background: rsync is a popular file transfer package used to synchronize the Portage tree. Description: Rsync version 2.5.6 contains a vulnerability that can be used to run arbitrary code. The Gentoo infrastructure team has some reasonably good forensic evidence that this exploit may have been used...
rsync < 2.5.7 Unspecified Remote Heap Overflow
The remote rsync server is affected by a heap buffer overflow condition when running in server mode. An attacker can exploit this issue to gain a shell on the host and execute arbitrary code. Note that since rsync does not advertise its version number and since there are few details about this fl...
rsync buffer overflow in server mode
When rsync is run in server mode, a buffer overflow could allow a remote attacker to execute arbitrary code with the privileges of the rsync server. Anonymous rsync servers are at the highest risk...
DSA-404 rsync - heap overflow
Bulletin has no description...
rsync I/O Functions Multiple Signedness Errors RCE
The remote rsync server is affected by multiple signedness errors in the I/O functions. An unauthenticated, remote attacker can exploit these to cause a denial of service or execute arbitrary code. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(11390); script_version...
rsync Service Detection
The remote rsync server can be accessed remotely. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(11389); script_version("$Revision: 1.24 $"); script_cvs_date("$Date: 2017/06/12 21:52:41 $"); script_name(english:"rsync Service Detection"); script_summary(english:"Shows the remote...
rsync fails to properly handle negative values specified for signed integers thereby allowing remote command execution
Overview: There exist several signed-integer vulnerabilities in rsync. If rsync is run as a daemon, a remote-root compromise may be possible. Description: Included in most distributions of Linux, rsync is a popular tool for synchronizing files across multiple hosts. Though not enabled in the defaul...
CVE-2002-0080
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed...
CVE-2002-0080
CVE-2002-0080 affects rsync when run in daemon mode: it does not call setgroups before dropping privileges, potentially letting local users inherit supplementary group privileges and read files they shouldn’t. The vulnerability is demonstrated across multiple advisories (Mandrake/MDKSA-2002:024, ...
rsync update fixes security problems
New rsync packages are available to fix security problems. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Mon Mar 11 15:09:26 PST 2002 patches/packages/rsync.tgz: Upgraded to rsync-2.5.3. This fixes two security problems: Make sure that supplementary groups...
CVE-2002-0048
Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsy...