2463 matches found

RedHat Linux
added 2003/12/04 9:14 p.m. | 2 views

security flaw

Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail...

CVSS 7.5 | AI score 6.5 | EPSS 0.21157
Exploits: 1 | References: 4
RedHat Linux
added 2003/12/04 9:9 p.m. | 5 views

Critical: Red Hat Security Advisory: New rsync packages fix remote security vulnerability

Updated rsync packages are now available that fix a heap overflow in the Rsync server. rsync is a program for synchronizing files over the network. A heap overflow bug exists in rsync versions prior to 2.5.7. On machines where the rsync server has been enabled, a remote attacker could use this fla...

CVSS 7.5 | AI score 6.2 | EPSS 0.21157
Exploits: 1 | References: 1
Debian
added 2003/12/04 4:9 p.m. | 28 views

[SECURITY] [DSA 404-1] New rsync packages fix unauthorised remote code execution

Debian Security Advisory DSA 404-1, http://www.debian.org/security/, Martin Schulze, December 4th, 2003, http://www.debian.org/security/faq ...

CVSS 7.5 | AI score 1 | EPSS 0.21157
Exploits: 1
Debian
added 2003/12/04 4:9 p.m. | 34 views

[SECURITY] [DSA 404-1] New rsync packages fix unauthorised remote code execution

Debian Security Advisory DSA 404-1, http://www.debian.org/security/, Martin Schulze, December 4th, 2003, http://www.debian.org/security/faq ...

CVSS 7.5 | AI score 6.4 | EPSS 0.21157
Exploits: 1
Slackware Linux
added 2003/12/04 7:50 a.m. | 13 views

[slackware-security] rsync security update

Rsync is a file transfer client and server. A security problem which may lead to unauthorized machine access or code execution has been fixed by upgrading to rsync-2.5.7. This problem only affects machines running rsync in daemon mode, and is easier to exploit if the non-default option "use chroo...

AI score 7.5
Exploits: 0
Symantec
added 2003/12/04 12:0 a.m. | 13 views

RSync Daemon Mode Undisclosed Remote Heap Overflow Vulnerability

Description: rsync has been reported prone to an undisclosed heap overflow vulnerability when running in daemon mode. The issue has been reported to be remotely exploitable and will provide for an execution of arbitrary code. Technologies Affected: Apple Mac OS X 10.2.8, Apple Mac OS X 10.3.2, Apple...

AI score 0.3
Exploits: 0 | References: 5 | Affected Software: 9
Gentoo Linux
added 2003/12/04 12:0 a.m. | 32 views

rsync: exploitable heap overflow

Background: rsync is a popular file transfer package used to synchronize the Portage tree. Description: Rsync version 2.5.6 contains a vulnerability that can be used to run arbitrary code. The Gentoo infrastructure team has some reasonably good forensic evidence that this exploit may have been used...

CVSS 7.5 | AI score 7.1 | EPSS 0.21157
Exploits: 1
Tenable Nessus
added 2003/12/04 12:0 a.m. | 37 views

rsync < 2.5.7 Unspecified Remote Heap Overflow

The remote rsync server is affected by a heap buffer overflow condition when running in server mode. An attacker can exploit this issue to gain a shell on the host and execute arbitrary code. Note that since rsync does not advertise its version number and since there are few details about this fl...

CVSS 7.5 | AI score 6.2 | EPSS 0.21157
Exploits: 1 | References: 1
FreeBSD
added 2003/12/04 12:0 a.m. | 29 views

rsync buffer overflow in server mode

When rsync is run in server mode, a buffer overflow could allow a remote attacker to execute arbitrary code with the privileges of the rsync server. Anonymous rsync servers are at the highest risk...

CVSS 7.5 | AI score 7.7 | EPSS 0.21157
Exploits: 1 | References: 2
OSV
added 2003/12/04 12:0 a.m. | 29 views

DSA-404 rsync - heap overflow

Bulletin has no description...

CVSS 7.5 | AI score 6 | EPSS 0.21157
Exploits: 1
Tenable Nessus
added 2003/03/14 12:0 a.m. | 26 views

rsync I/O Functions Multiple Signedness Errors RCE

The remote rsync server is affected by multiple signedness errors in the I/O functions. An unauthenticated, remote attacker can exploit these to cause a denial of service or execute arbitrary code. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(11390); script_version...

CVSS 10 | AI score 6 | EPSS 0.34016
Exploits: 0 | References: 1
Tenable Nessus
added 2003/03/14 12:0 a.m. | 66 views

rsync Service Detection

The remote rsync server can be accessed remotely. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(11389); script_version("$Revision: 1.24 $"); script_cvs_date("$Date: 2017/06/12 21:52:41 $"); script_name(english:"rsync Service Detection"); script_summary(english:"Shows the remote...

AI score 7.1
Exploits: 0 | References: 1
CERT
added 2002/09/16 12:0 a.m. | 18 views

rsync fails to properly handle negative values specified for signed integers thereby allowing remote command execution

Overview: There exist several signed-integer vulnerabilities in rsync. If rsync is run as a daemon, a remote-root compromise may be possible. Description: Included in most distributions of Linux, rsync is a popular tool for synchronizing files across multiple hosts. Though not enabled in the defaul...

CVSS 10 | AI score 7.1 | EPSS 0.34016
Exploits: 0
Cvelist
added 2002/06/25 4:0 a.m. | 21 views

CVE-2002-0080

rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed...

AI score 8.6 | EPSS 0.00521
Exploits: 0 | References: 5
CVE
added 2002/06/25 4:0 a.m. | 74 views

CVE-2002-0080

CVE-2002-0080 affects rsync when run in daemon mode: it does not call setgroups before dropping privileges, potentially letting local users inherit supplementary group privileges and read files they shouldn’t. The vulnerability is demonstrated across multiple advisories (Mandrake/MDKSA-2002:024, ...

CVSS 2.1 | AI score 9.1 | EPSS 0.00521
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2002/03/15 5:0 a.m. | 21 views

CVE-2002-0080

rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed...

CVSS 2.1 | AI score 8.3 | EPSS 0.00521
Exploits: 0 | References: 5
Slackware Linux
added 2002/03/11 3:25 p.m. | 38 views

rsync update fixes security problems

New rsync packages are available to fix security problems. Here's the information from the Slackware 8.0 ChangeLog: ---------------------------- Mon Mar 11 15:09:26 PST 2002 patches/packages/rsync.tgz: Upgraded to rsync-2.5.3. This fixes two security problems: Make sure that supplementary groups...

CVSS 7.5 | AI score 6.2 | EPSS 0.09511
Exploits: 0
NVD
added 2002/02/27 5:0 a.m. | 18 views

CVE-2002-0048

Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server...

CVSS 10 | AI score 7.5 | EPSS 0.34016
Exploits: 0 | References: 14
Snyk
added 2002/02/27 5:0 a.m. | 3 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsy...

CVSS 10 | AI score 7.8 | EPSS 0.34016
Exploits: 0 | References: 2
Cvelist
added 2002/02/18 5:0 a.m. | 23 views

CVE-2002-0048

Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server...

AI score 7.5 | EPSS 0.34016
Exploits: 0 | References: 14