CVE-2002-0048
First published: Mon Feb 18 2002(Updated: )
Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rsync | =2.3.1 | |
| Rsync | =2.3.2 | |
| Rsync | =2.3.2_1.2 | |
| Rsync | =2.3.2_1.2 | |
| Rsync | =2.3.2_1.2 | |
| Rsync | =2.3.2_1.2 | |
| Rsync | =2.3.2_1.2 | |
| Rsync | =2.3.2_1.2 | |
| Rsync | =2.4.1 | |
| Rsync | =2.4.3 | |
| Rsync | =2.4.4 | |
| Rsync | =2.4.6 | |
| Rsync | =2.5.0_1 | |
| Rsync | =2.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.suse.com/archives/suse-security-announce/2002-Jan/0003.html
- http://www.securityfocus.com/bid/3958
- http://www.debian.org/security/2002/dsa-106
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-009.php
- http://www.redhat.com/support/errata/RHSA-2002-018.html
- http://www.linuxsecurity.com/advisories/other_advisory-1853.html
- http://www.caldera.com/support/security/advisories/CSSA-2002-003.0.txt
- http://online.securityfocus.com/advisories/3839
- http://www.iss.net/security_center/static/7993.php
- http://www.kb.cert.org/vuls/id/800635
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000458
- http://marc.info/?l=bugtraq&m=101223603321315&w=2
- http://marc.info/?l=bugtraq&m=101223214906963&w=2
Frequently Asked Questions
What is the severity of CVE-2002-0048?
CVE-2002-0048 is considered a serious vulnerability as it allows for denial of service and potential remote code execution.
How do I fix CVE-2002-0048?
To fix CVE-2002-0048, upgrade to the latest version of rsync that addresses this vulnerability.
Which versions of rsync are affected by CVE-2002-0048?
CVE-2002-0048 affects rsync versions 2.4.6, 2.4.4, 2.4.3, 2.4.1, and earlier versions such as 2.3.2 and 2.3.1.
What attacks can be carried out using CVE-2002-0048?
Attackers may exploit CVE-2002-0048 to cause denial of service or execute arbitrary code on affected rsync clients or servers.
Is there a patch available for CVE-2002-0048?
Yes, patches have been released in newer versions of rsync to mitigate the risks associated with CVE-2002-0048.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/andrew tridgell
- canonical/rsync
- version/rsync/2.3.1
- version/rsync/2.3.2
- version/rsync/2.3.2_1.2
- version/rsync/2.4.1
- version/rsync/2.4.3
- version/rsync/2.4.4
- version/rsync/2.4.6
- version/rsync/2.5.0_1
- version/rsync/2.5.1