Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.6
CVE Id CVE-2004-2093
Last Modified 05 Sep 2008 04:43:10
Published 09 Feb 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-2093

Summary

Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.

Vulnerable Systems


References

XF - linux-rsync-opensocketout-bo(15108)

VULN-DEV - 20040209 rsync <= 2.5.7 local buffer overflow (no root today:)


Last Updated: 27 May 2016 10:39:21