rsync vulnerability

ID USN-500-1
Type ubuntu
Reporter Ubuntu
Modified 2007-08-20T00:00:00


Sebastian Krahmer discovered that rsync contained an off-by-one
miscalculation when handling certain file paths. By creating a specially
crafted tree of files and tricking an rsync server into processing them,
a remote attacker could write a single NULL to stack memory, possibly
leading to arbitrary code execution.