Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2011-1097
Last Modified 20 Feb 2014 11:40:52
Published 30 Mar 2011 06:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-1097

Summary

rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.

Vulnerable Systems

Application

  • Samba Rsync 3.0.0

  • Samba Rsync 3.0.1

  • Samba Rsync 3.0.2

  • Samba Rsync 3.0.3

  • Samba Rsync 3.0.4

  • Samba Rsync 3.0.5

  • Samba Rsync 3.0.6

  • Samba Rsync 3.0.7


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=675036

CONFIRM - http://gitweb.samba.org/?p=rsync.git;a=commit;h=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6

CONFIRM - https://bugzilla.samba.org/show_bug.cgi?id=7936

VUPEN - ADV-2011-0876

VUPEN - ADV-2011-0873

VUPEN - ADV-2011-0793

VUPEN - ADV-2011-0792

REDHAT - RHSA-2011:0390

MANDRIVA - MDVSA-2011:066

SECTRACK - 1025256

SECUNIA - 44088

SECUNIA - 44071

CONFIRM - http://rsync.samba.org/ftp/rsync/src/rsync-3.0.8-NEWS

MLIST - [rsync] 20110122 rsync -rcv printing out filenames when content identical

FEDORA - FEDORA-2011-4413

FEDORA - FEDORA-2011-4427

FEDORA - FEDORA-2011-4389

HP - SSRT100802

HP - HPSBMU02752

SUSE - SUSE-SR:2011:009


Last Updated: 27 May 2016 10:53:36