Some versions of the rsync program contain a remotely exploitable vulnerability. This vulnerability may allow an attacker to execute arbitrary code on the target system.
An integer overflow error has been discovered in a portion of rsync's memory handling routines. An attacker sending an extremely large, specifically crafted file may be able to exploit this error to execute arbitrary code from the heap of the rsync process address space. This error results in a vulnerability primarily when the rsync program is used in server mode, accepting input from remote clients over the network.
An attacker may be able to execute arbitrary code in the context of the user running the rsync server, often root.
Timo Sirainen originally discovered and reported this vulnerability. The rsync development team credits Mike Warfield, Paul Russell, and Andrea Barisani with providing additional information that led to the development of a fix and advisory.
This document was written by Chad R Dougherty.
|Date First Published:||2003-12-09|
|Date Last Updated:||2006-05-01 19:33 UTC|