Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.52974
Category:Turbolinux Local Security Tests
Title:Turbolinux TLSA-2003-67 (rsync)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to rsync
announced via advisory TLSA-2003-67.

rsync uses the rsync algorithm which provides a very fast method for
bringing remote files into sync. It does this by sending just the
differences in the files across the link, without requiring that both
sets of files are present at one of the ends of the link beforehand.
Rsync version 2.5.6 and earlier contains a heap overflow vulnerability
that can be used to remotely run arbitrary code.

Please note that this vulnerability only affects the use of rsync as a rsync server.

This vulnerability may allow remote third party to gain the root privileges.

Solution: Please use the turbopkg (zabom) tool to apply the update.
http://www.securityspace.com/smysecure/catid.html?in=TLSA-2003-67

Risk factor : High

CVSS Score:
7.5

Cross-Ref: BugTraq ID: 9153
Common Vulnerability Exposure (CVE) ID: CVE-2003-0962
http://www.securityfocus.com/bid/9153
Bugtraq: 20031204 GLSA: exploitable heap overflow in rsync (200312-03) (Google Search)
http://marc.info/?l=bugtraq&m=107056923528423&w=2
Bugtraq: 20031204 [OpenPKG-SA-2003.051] OpenPKG Security Advisory (rsync) (Google Search)
http://marc.info/?l=bugtraq&m=107055702911867&w=2
Bugtraq: 20031204 rsync security advisory (fwd) (Google Search)
http://marc.info/?l=bugtraq&m=107055681311602&w=2
CERT/CC vulnerability note: VU#325603
http://www.kb.cert.org/vuls/id/325603
Conectiva Linux advisory: CLA-2003:794
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794
Debian Security Information: DSA-404 (Google Search)
En Garde Linux Advisory: ESA-20031204-032
Immunix Linux Advisory: IMNX-2003-73-001-01
http://www.mandriva.com/security/advisories?name=MDKSA-2003:111
http://www.osvdb.org/2898
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9415
http://www.redhat.com/support/errata/RHSA-2003-398.html
http://secunia.com/advisories/10353
http://secunia.com/advisories/10354
http://secunia.com/advisories/10355
http://secunia.com/advisories/10356
http://secunia.com/advisories/10357
http://secunia.com/advisories/10358
http://secunia.com/advisories/10359
http://secunia.com/advisories/10360
http://secunia.com/advisories/10361
http://secunia.com/advisories/10362
http://secunia.com/advisories/10363
http://secunia.com/advisories/10364
http://secunia.com/advisories/10378
http://secunia.com/advisories/10474
SGI Security Advisory: 20031202-01-U
ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U
SuSE Security Announcement: SuSE-SA:2003:050 (Google Search)
http://marc.info/?l=bugtraq&m=107055684711629&w=2
XForce ISS Database: linux-rsync-heap-overflow(13899)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13899
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.