Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2003-0962
Last Modified 21 Aug 2010 12:17:26
Published 15 Dec 2003 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0962

Summary

Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.

Vulnerable Systems

Operating System

  • Engardelinux Secure Community 1.0.1

  • Engardelinux Secure Community 2.0

  • Engardelinux Secure Linux 1.1

  • Engardelinux Secure Linux 1.2

  • Engardelinux Secure Linux 1.5

  • Slackware Linux 8.1

  • Slackware Linux 9.0

  • Slackware Linux 9.1

  • Slackware Linux Current

Application

  • Andrew Tridgell Rsync 2.3.1

  • Andrew Tridgell Rsync 2.3.2

  • Andrew Tridgell Rsync 2.4.0

  • Andrew Tridgell Rsync 2.4.1

  • Andrew Tridgell Rsync 2.4.3

  • Andrew Tridgell Rsync 2.4.4

  • Andrew Tridgell Rsync 2.4.5

  • Andrew Tridgell Rsync 2.4.6

  • Andrew Tridgell Rsync 2.4.8

  • Andrew Tridgell Rsync 2.5.0

  • Andrew Tridgell Rsync 2.5.1

  • Andrew Tridgell Rsync 2.5.2

  • Andrew Tridgell Rsync 2.5.3

  • Andrew Tridgell Rsync 2.5.4

  • Andrew Tridgell Rsync 2.5.5

  • Andrew Tridgell Rsync 2.5.6

  • Redhat Rsync 2.4.6-2

  • Redhat Rsync 2.4.6-5

  • Redhat Rsync 2.5.4-2

  • Redhat Rsync 2.5.5-1

  • Redhat Rsync 2.5.5-4


References

CERT-VN - VU#325603

BID - 9153

REDHAT - RHSA-2003:398

BUGTRAQ - 20031204 rsync security advisory (fwd)

XF - linux-rsync-heap-overflow(13899)

OSVDB - 2898

SECUNIA - 10474

SECUNIA - 10378

SECUNIA - 10364

SECUNIA - 10363

SECUNIA - 10362

SECUNIA - 10361

SECUNIA - 10360

SECUNIA - 10359

SECUNIA - 10358

SECUNIA - 10357

SECUNIA - 10356

SECUNIA - 10355

SECUNIA - 10354

SECUNIA - 10353

BUGTRAQ - 20031204 GLSA: exploitable heap overflow in rsync (200312-03)

BUGTRAQ - 20031204 [OpenPKG-SA-2003.051] OpenPKG Security Advisory (rsync)

TRUSTIX - 2003-0048

CONECTIVA - CLA-2003:794

SGI - 20031202-01-U

MANDRAKE - MDKSA-2003:111


Last Updated: 27 May 2016 10:38:06