Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2002-0048
Last Modified: 10 Sep 2008 03:11:09
Published: 27 Feb 2002 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-0048

Summary

Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.

Vulnerable Systems

Application

  • Andrew Tridgell Rsync 2.3.1

  • Andrew Tridgell Rsync 2.3.2

  • Andrew Tridgell Rsync 2.3.2 1.2

  • Andrew Tridgell Rsync 2.4.1

  • Andrew Tridgell Rsync 2.4.3

  • Andrew Tridgell Rsync 2.4.4

  • Andrew Tridgell Rsync 2.4.6

  • Andrew Tridgell Rsync 2.5.0 1

  • Andrew Tridgell Rsync 2.5.1


References

CERT-VN - VU#800635

BID - 3958

DEBIAN - DSA-106

SUSE - SuSE-SA:2002:004

REDHAT - RHSA-2002:018

ENGARDE - ESA-20020125-004

MANDRAKE - MDKSA-2002:009

XF - linux-rsync-root-access(7993)

CALDERA - CSSA-2002-003.0

HP - HPSBTL0201-022

BUGTRAQ - 20020127 rsync-2.5.2 has security fix (was: Re: [RHSA-2002:018-05] New rsync packages available)

FREEBSD - FreeBSD-SA-02:10

BUGTRAQ - 20020128 TSLSA-2002-0025 - rsync

CONECTIVA - CLA-2002:458


Last Updated: 27 May 2016 10:36:45