FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-1097

This CVE name corresponds to:

Entered Topic
2011-07-20 rsync -- incremental recursion memory corruption vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2011-1097
Phase Assigned (20110224)

Description

rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.

References

Source Reference
MLIST [rsync] 20110122 rsync -rcv printing out filenames when content identical
CONFIRM http://gitweb.samba.org/?p=rsync.git;a=commit;h=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6
CONFIRM http://rsync.samba.org/ftp/rsync/src/rsync-3.0.8-NEWS
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=675036
CONFIRM https://bugzilla.samba.org/show_bug.cgi?id=7936
FEDORA FEDORA-2011-4389
FEDORA FEDORA-2011-4413
FEDORA FEDORA-2011-4427
HP HPSBMU02752
HP SSRT100802
MANDRIVA MDVSA-2011:066
REDHAT RHSA-2011:0390
SUSE SUSE-SR:2011:009
SECTRACK 1025256
SECUNIA 44071
SECUNIA 44088
VUPEN ADV-2011-0792
VUPEN ADV-2011-0793
VUPEN ADV-2011-0873
VUPEN ADV-2011-0876