
Test ID: 1.3.6.1.4.1.25623.1.0.801772
Category: Denial of Service
Title: Rsync Multiple Denial of Service Vulnerabilities - Windows
Summary: Rsync is prone to multiple denial of service vulnerabilities.
Description:
Summary:
Rsync is prone to multiple denial of service vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- a memory corruption error when processing malformed file list data.

- an error while handling directory paths, '--backup-dir', and filter/exclude lists.

Vulnerability Impact:
Successful exploitation will allow remote attackers to crash an affected
application or execute arbitrary code by tricking a user into connecting
to a malicious rsync server and using the '--recursive' and '--delete'
options without the '--owner' option.

Affected Software/OS:
rsync version 3.x before 3.0.8

Solution:
Upgrade to rsync version 3.0.8 or later

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2011-1097
1025256
http://securitytracker.com/id?1025256
44071
http://secunia.com/advisories/44071
44088
http://secunia.com/advisories/44088
ADV-2011-0792
http://www.vupen.com/english/advisories/2011/0792
ADV-2011-0793
http://www.vupen.com/english/advisories/2011/0793
ADV-2011-0873
http://www.vupen.com/english/advisories/2011/0873
ADV-2011-0876
http://www.vupen.com/english/advisories/2011/0876
FEDORA-2011-4389
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057641.html
FEDORA-2011-4413
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057737.html
FEDORA-2011-4427
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057736.html
HPSBMU02752
http://marc.info/?l=bugtraq&m=133226187115472&w=2
MDVSA-2011:066
http://www.mandriva.com/security/advisories?name=MDVSA-2011:066
RHSA-2011:0390
http://www.redhat.com/support/errata/RHSA-2011-0390.html
SSRT100802
SUSE-SR:2011:009
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
[rsync] 20110122 rsync -rcv printing out filenames when content identical
http://lists.samba.org/archive/rsync/2011-January/025988.html
http://gitweb.samba.org/?p=rsync.git%3Ba=commit%3Bh=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6
http://rsync.samba.org/ftp/rsync/src/rsync-3.0.8-NEWS
https://bugzilla.redhat.com/show_bug.cgi?id=675036
https://bugzilla.samba.org/show_bug.cgi?id=7936
Copyright: Copyright (C) 2011 Greenbone AG
