Test ID:	1.3.6.1.4.1.25623.1.0.801772
Category:	Denial of Service
Title:	Rsync Multiple Denial of Service Vulnerabilities - Windows
Summary:	Rsync is prone to multiple denial of service vulnerabilities.
Description:	Summary: Rsync is prone to multiple denial of service vulnerabilities. Vulnerability Insight: The flaws are due to - a memory corruption error when processing malformed file list data. - error while handling directory paths, '--backup-dir', filter/exclude lists. Vulnerability Impact: Successful exploitation will allow remote attackers to crash an affected application or execute arbitrary code by tricking a user into connecting to a malicious rsync server and using the '--recursive' and '--delete' options without the '--owner' option. Affected Software/OS: rsync version 3.x before 3.0.8 Solution: Upgrade to rsync version 3.0.8 or later CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1097 1025256 http://securitytracker.com/id?1025256 44071 http://secunia.com/advisories/44071 44088 http://secunia.com/advisories/44088 ADV-2011-0792 http://www.vupen.com/english/advisories/2011/0792 ADV-2011-0793 http://www.vupen.com/english/advisories/2011/0793 ADV-2011-0873 http://www.vupen.com/english/advisories/2011/0873 ADV-2011-0876 http://www.vupen.com/english/advisories/2011/0876 FEDORA-2011-4389 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057641.html FEDORA-2011-4413 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057737.html FEDORA-2011-4427 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057736.html HPSBMU02752 http://marc.info/?l=bugtraq&m=133226187115472&w=2 MDVSA-2011:066 http://www.mandriva.com/security/advisories?name=MDVSA-2011:066 RHSA-2011:0390 http://www.redhat.com/support/errata/RHSA-2011-0390.html SSRT100802 SUSE-SR:2011:009 http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html [rsync] 20110122 rsync -rcv printing out filenames when content identical http://lists.samba.org/archive/rsync/2011-January/025988.html http://gitweb.samba.org/?p=rsync.git%3Ba=commit%3Bh=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6 http://rsync.samba.org/ftp/rsync/src/rsync-3.0.8-NEWS https://bugzilla.redhat.com/show_bug.cgi?id=675036 https://bugzilla.samba.org/show_bug.cgi?id=7936
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.