exploits , vulnerabilities , articles , RSync Daemon Mode Undisclosed Remote Heap Overflow Vulnerability

Title	RSync Daemon Mode Undisclosed Remote Heap Overflow Vulnerability
Published	2003-12-04-12:00AM
Updated	2004-03-09-04:25PM
Class	Boundary Condition Error
CVE	CAN-2003-0962
Remote	Yes
Local	No
Credit	Discovery credited to Timo Sirainen, Mike Warfield, Paul Russell, and Andrea Barisani.
Vulnerable	Sun Cobalt RaQ XTR Sun Cobalt RaQ 4 Sun Cobalt Qube 3 Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 8.1 Slackware Linux current SGI ProPack 2.3 rsync rsync 2.5.6 MandrakeSoft Linux Mandrake 9.1 MandrakeSoft Linux Mandrake 9.1 ppc MandrakeSoft Linux Mandrake 9.2 OpenBSD OpenBSD 3.0 OpenBSD OpenBSD 3.1 OpenBSD OpenBSD 3.2 OpenBSD OpenBSD 3.3 OpenBSD OpenBSD 3.4 OpenPKG OpenPKG Current OpenPKG OpenPKG 1.2 OpenPKG OpenPKG 1.3 RedHat Fedora Core1 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Personal 9.0 Slackware Linux 9.0 Slackware Linux 9.1 rsync rsync 2.5.5 Conectiva Linux 9.0 Debian Linux 3.0 alpha Debian Linux 3.0 arm Debian Linux 3.0 hppa Debian Linux 3.0 ia32 Debian Linux 3.0 ia64 Debian Linux 3.0 m68k Debian Linux 3.0 mips Debian Linux 3.0 mipsel Debian Linux 3.0 ppc Debian Linux 3.0 s/390 Debian Linux 3.0 sparc MandrakeSoft Corporate Server 2.1 MandrakeSoft Corporate Server 2.1 x86_64 MandrakeSoft Linux Mandrake 9.0 S.u.S.E. Linux 8.1 Slackware Linux 8.1 rsync rsync 2.5.4 Immunix Immunix OS 7.3 MandrakeSoft Corporate Server 1.0.1 MandrakeSoft Linux Mandrake 7.1 MandrakeSoft Linux Mandrake 7.2 MandrakeSoft Linux Mandrake 8.0 MandrakeSoft Linux Mandrake 8.0 ppc MandrakeSoft Linux Mandrake 8.1 MandrakeSoft Linux Mandrake 8.1 ia64 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Single Network Firewall 7.2 rsync rsync 2.5.3 rsync rsync 2.5.2 Immunix Immunix OS 7 rsync rsync 2.5.1 FreeBSD FreeBSD 4.1 FreeBSD FreeBSD 4.1.1 FreeBSD FreeBSD 4.2 FreeBSD FreeBSD 4.3 FreeBSD FreeBSD 4.4 FreeBSD FreeBSD 4.5 rsync rsync 2.5 .0 FreeBSD FreeBSD 4.1 FreeBSD FreeBSD 4.1.1 FreeBSD FreeBSD 4.2 FreeBSD FreeBSD 4.3 FreeBSD FreeBSD 4.4 FreeBSD FreeBSD 4.5 rsync rsync 2.4.8 rsync rsync 2.4.6 Conectiva Linux 6.0 Conectiva Linux 7.0 Conectiva Linux 8.0 EnGarde Secure Linux 1.0.1 HP Secure OS software for Linux 1.0 MandrakeSoft Corporate Server 1.0.1 MandrakeSoft Linux Mandrake 7.1 MandrakeSoft Linux Mandrake 7.2 MandrakeSoft Linux Mandrake 8.0 MandrakeSoft Linux Mandrake 8.0 ppc MandrakeSoft Linux Mandrake 8.1 MandrakeSoft Linux Mandrake 8.1 ia64 MandrakeSoft Single Network Firewall 7.2 RedHat Linux 7.2 i386 RedHat Linux 7.2 ia64 S.u.S.E. Linux 7.1 alpha S.u.S.E. Linux 7.1 ppc S.u.S.E. Linux 7.1 sparc S.u.S.E. Linux 7.1 x86 S.u.S.E. Linux 7.2 i386 S.u.S.E. Linux 7.3 i386 S.u.S.E. Linux 7.3 ppc S.u.S.E. Linux 7.3 sparc S.u.S.E. Linux 8.0 Trustix Secure Linux 1.2 Trustix Secure Linux 1.5 rsync rsync 2.4.5 rsync rsync 2.4.4 RedHat Linux 7.0 alpha RedHat Linux 7.0 i386 RedHat Linux 7.1 alpha RedHat Linux 7.1 i386 RedHat Linux 7.1 ia64 rsync rsync 2.4.3 Caldera OpenLinux 2.3 Caldera OpenLinux 3.1 IA64 Caldera OpenLinux Server 3.1 Caldera OpenLinux Workstation 3.1 Trustix Secure Linux 1.1 rsync rsync 2.4.1 RedHat Linux 6.2 alpha RedHat Linux 6.2 i386 RedHat Linux 6.2 sparc Trustix Secure Linux 1.0 1 rsync rsync 2.4 .0 rsync rsync 2.3.2 S.u.S.E. Linux 6.4 alpha S.u.S.E. Linux 6.4 i386 S.u.S.E. Linux 6.4 ppc S.u.S.E. Linux 7.0 alpha S.u.S.E. Linux 7.0 i386 S.u.S.E. Linux 7.0 ppc S.u.S.E. Linux 7.0 sparc rsync rsync 2.3.1 Caldera OpenLinux eBuilder 3.0 Conectiva Linux ecommerce Conectiva Linux graficas Conectiva Linux 5.0 Conectiva Linux 5.1 SCO eDesktop 2.4 SCO eServer 2.3.1 RedHat rsync2.5.54.i386.rpm RedHat Linux 9.0 i386 RedHat rsync2.5.51.i386.rpm RedHat Linux 8.0 i386 RedHat rsync2.5.42.i386.rpm RedHat Linux 7.3 i386 RedHat rsync2.4.65.ia64.rpm RedHat Linux 7.2 ia64 RedHat rsync2.4.65.i386.rpm RedHat Linux 7.2 i386 RedHat rsync2.4.62.i386.rpm RedHat Linux 7.1 i386 EnGarde Secure Professional 1.5 EnGarde Secure Professional 1.2 EnGarde Secure Professional 1.1 EnGarde Secure Community 2.0 EnGarde Secure Community 1.0.1 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.2.8 Apple Mac OS X 10.3.2 Apple Mac OS X 10.2.8
Not Vulnerable	rsync rsync 2.5.7
Code	There is evidence of an exploit for this issue circulating in the wild, however this exploit has not been made public.
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-11-21 SocialEngine HTTP Response Splitting and SQL-injection Vulnerabilities
• 2008-11-21 Oracle Database Vault Privilege Escalation Vulnerability
• 2008-11-20 GeSHi XML Parsing Remote Denial Of Service Vulnerability
• 2008-11-20 Softbiz Classifieds Script Cross Site Scripting Vulnerability
• 2008-11-20 P3nfs Insecure Temporary File Creation Vulnerability
• 2008-11-20 Easyedit Multiple SQL Injection Vulnerabilities
• 2008-11-20 SystemImager Insecure Temporary File Creation Vulnerabilities
• 2008-11-20 Yasna Yazd Discussion Forum Multiple Cross-Site Scripting Vulnerabilities
• 2008-11-20 phpBLASTER CMS Multiple Local File Include Vulnerabilities
• 2008-11-19 Symantec Backup Exec Data Management Protocol Buffer Overflow Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 21 Nov 2008 06:21:25 +0000