Vulnerability Note VU#325603
Integer overflow vulnerability in rsync
Some versions of the rsync program contain a remotely exploitable vulnerability. This vulnerability may allow an attacker to execute arbitrary code on the target system.
An integer overflow error has been discovered in a portion of rsync's memory handling routines. An attacker sending an extremely large, specifically crafted file may be able to exploit this error to execute arbitrary code from the heap of the rsync process address space. This error results in a vulnerability primarily when the rsync program is used in server mode, accepting input from remote clients over the network.
An attacker may be able to execute arbitrary code in the context of the user running the rsync server, often root.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer, Inc.||Affected||-||21 Jan 2004|
|Debian Linux||Affected||-||08 Dec 2003|
|FreeBSD, Inc.||Affected||-||08 Dec 2003|
|Gentoo Linux||Affected||-||02 Aug 2005|
|Guardian Digital Inc.||Affected||-||08 Dec 2003|
|Immunix||Affected||-||02 Aug 2005|
|Mandriva, Inc.||Affected||-||08 Dec 2003|
|OpenBSD||Affected||-||08 Dec 2003|
|OpenPKG||Affected||-||02 Aug 2005|
|SCO||Affected||-||02 Aug 2005|
|SGI||Affected||-||21 Jan 2004|
|Slackware||Affected||-||08 Dec 2003|
|SUSE Linux||Affected||-||08 Dec 2003|
|Trustix Secure Linux||Affected||-||08 Dec 2003|
|TurboLinux||Affected||-||08 Dec 2003|
CVSS Metrics (Learn More)
Timo Sirainen originally discovered and reported this vulnerability. The rsync development team credits Mike Warfield, Paul Russell, and Andrea Barisani with providing additional information that led to the development of a fix and advisory.
This document was written by Chad R Dougherty.
- CVE IDs: CVE-2003-0962
- Date Public: 03 Oct 2003
- Date First Published: 09 Dec 2003
- Date Last Updated: 01 May 2006
- Severity Metric: 29.40
- Document Revision: 28
If you have feedback, comments, or additional information about this vulnerability, please send us email.