FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2003-0962

This CVE name corresponds to:

Entered: 2004-02-12
Topic: rsync buffer overflow in server mode

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2003-0962
Phase: Assigned (20031126)

Description

Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.

References

Source Reference
BUGTRAQ 20031204 rsync security advisory (fwd)
SUSE SuSE-SA:2003:050
DEBIAN DSA-404
ENGARDE ESA-20031204-032
CONECTIVA CLA-2003:794
REDHAT RHSA-2003:398
MANDRAKE MDKSA-2003:111
IMMUNIX IMNX-2003-73-001-01
SGI 20031202-01-U
BUGTRAQ 20031204 GLSA: exploitable heap overflow in rsync (200312-03)
TRUSTIX 2003-0048
BUGTRAQ 20031204 [OpenPKG-SA-2003.051] OpenPKG Security Advisory (rsync)
CERT-VN VU#325603
BID 9153
OSVDB 2898
OVAL oval:org.mitre.oval:def:9415
SECUNIA 10353
SECUNIA 10354
SECUNIA 10355
SECUNIA 10356
SECUNIA 10357
SECUNIA 10358
SECUNIA 10359
SECUNIA 10360
SECUNIA 10361
SECUNIA 10362
SECUNIA 10363
SECUNIA 10364
SECUNIA 10378
SECUNIA 10474
XF linux-rsync-heap-overflow(13899)