{"vuid":"VU#325603","idnumber":"325603","name":"Integer overflow vulnerability in rsync","keywords":["rsync","heap overflow","integer overflow"],"overview":"Some versions of the rsync program contain a remotely exploitable vulnerability. This vulnerability may allow an attacker to execute arbitrary code on the target system.","clean_desc":"rsync is an open source utility that provides fast incremental file transfer. It features the ability to operate as either a client or server when transferring data over a network. An integer overflow error has been discovered in a portion of rsync's memory handling routines. An attacker sending an extremely large, specifically crafted file may be able to exploit this error to execute arbitrary code from the heap of the rsync process address space. This error results in a vulnerability primarily when the rsync program is used in server mode, accepting input from remote clients over the network. Versions of the rsync software 2.5.6 and earlier contain this flaw. Note: We have received reports of this vulnerability being used to successfully compromise systems.","impact":"An attacker may be able to execute arbitrary code in the context of the user running the rsync server, often root.","resolution":"Apply patches rsync version 2.5.7 has been released and contains patches to address this vulnerability. Users using packaged versions of the rsync software are encouraged to review the vendor information in the Systems Affected section of this document for more details. Users compiling the rsync software from the distribution source code can obtain the patched version from the rsync homepage.","workarounds":"Workarounds Administrators, particularly those who are unable to apply the patches in a timely fashion, are encouraged to consider implementing the following workarounds: Disable the rsync service on systems that do not require it to be running. Filter access to the rsync service. The rsync service normally runs on port 873/tcp. Limiting access to this port from trusted clients may reduce exposure to this vulnerability.","sysaffected":"","thanks":"Timo Sirainen originally discovered and reported this vulnerability. The rsync development team credits Mike Warfield, Paul Russell, and Andrea Barisani with providing additional information that led to the development of a fix and advisory.","author":"This document was written by Chad R Dougherty.","public":["http://www.mail-archive.com/rsync@lists.samba.org/msg08271.html","http://www.secunia.com/advisories/10353/","http://www.secunia.com/advisories/10354/","http://www.secunia.com/advisories/10355/","http://www.secunia.com/advisories/10356/","http://www.secunia.com/advisories/10357/","http://www.secunia.com/advisories/10358/","http://www.secunia.com/advisories/10359/","http://www.secunia.com/advisories/10360/","http://www.secunia.com/advisories/10361/","http://www.secunia.com/advisories/10362/","http://www.secunia.com/advisories/10363/","http://www.secunia.com/advisories/10364/","http://www.secunia.com/advisories/10378/","http://www.secunia.com/advisories/10474/"],"cveids":["CVE-2003-0962"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-12-03T22:02:03Z","publicdate":"2003-10-03T00:00:00Z","datefirstpublished":"2003-12-09T21:27:54Z","dateupdated":"2006-05-01T19:33:29Z","revision":29,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"18","cam_exploitation":"8","cam_internetinfrastructure":"15","cam_population":"10","cam_impact":"17","cam_easeofexploitation":"15","cam_attackeraccessrequired":"15","cam_scorecurrent":"29.4046875","cam_scorecurrentwidelyknown":"30.8390625","cam_scorecurrentwidelyknownexploited":"39.4453125","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":29.4046875,"vulnote":null}