What is the severity of CVE-2003-0962?

CVE-2003-0962 is considered a high severity vulnerability due to the potential for remote code execution.

How do I fix CVE-2003-0962?

To fix CVE-2003-0962, upgrade rsync to version 2.5.7 or later.

What versions of rsync are affected by CVE-2003-0962?

CVE-2003-0962 affects rsync versions prior to 2.5.7.

Can CVE-2003-0962 allow attackers to escape a chroot jail?

Yes, CVE-2003-0962 can potentially allow attackers to escape the chroot jail when exploiting the vulnerability.

Is rsync running in server mode vulnerable to CVE-2003-0962?

Yes, rsync running in server mode is vulnerable to CVE-2003-0962.

Vulnerability/
CVE-2003-0962

high

7.5

CWE

NVD-CWE-Other 119

10/12/2003

8/8/2024

CVE-2003-0962: Buffer Overflow

First published: Wed Dec 10 2003(Updated: )

Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat rsync	=2.4.6-2
andrew tridgell rsync	=2.5.1
EngardeLinux Secure Community	=1.0.1
redhat rsync	=2.5.5-1
andrew tridgell rsync	=2.5.5
redhat rsync	=2.4.6-5
engardelinux secure linux	=1.2
engardelinux secure linux	=1.1
andrew tridgell rsync	=2.3.1
andrew tridgell rsync	=2.4.4
andrew tridgell rsync	=2.4.5
andrew tridgell rsync	=2.5.6
EngardeLinux Secure Community	=2.0
andrew tridgell rsync	=2.4.1
andrew tridgell rsync	=2.4.3
andrew tridgell rsync	=2.5.2
andrew tridgell rsync	=2.5.3
andrew tridgell rsync	=2.5.4
redhat rsync	=2.5.5-4
andrew tridgell rsync	=2.4.6
andrew tridgell rsync	=2.4.8
andrew tridgell rsync	=2.3.2
andrew tridgell rsync	=2.4.0
andrew tridgell rsync	=2.5.0
redhat rsync	=2.4.6-5
redhat rsync	=2.5.4-2
engardelinux secure linux	=1.5
Slackware Linux	=9.0
Slackware Linux	=8.1
Slackware Linux	=9.1
Slackware Linux	=current

Remedy

http://www.redhat.com/support/errata/RHSA-2003-398.html

Remedy

http://www.securityfocus.com/bid/9153

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2003-0962?
CVE-2003-0962 is considered a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2003-0962?
To fix CVE-2003-0962, upgrade rsync to version 2.5.7 or later.
What versions of rsync are affected by CVE-2003-0962?
CVE-2003-0962 affects rsync versions prior to 2.5.7.
Can CVE-2003-0962 allow attackers to escape a chroot jail?
Yes, CVE-2003-0962 can potentially allow attackers to escape the chroot jail when exploiting the vulnerability.
Is rsync running in server mode vulnerable to CVE-2003-0962?
Yes, rsync running in server mode is vulnerable to CVE-2003-0962.

agent/references
agent/type
agent/remedy
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/weakness
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
agent/softwarecombine
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/redhat
canonical/redhat rsync
version/redhat rsync/2.4.6-2
vendor/andrew tridgell
canonical/andrew tridgell rsync
version/andrew tridgell rsync/2.5.1
vendor/engardelinux
canonical/engardelinux secure community
version/engardelinux secure community/1.0.1
version/redhat rsync/2.5.5-1
version/andrew tridgell rsync/2.5.5
version/redhat rsync/2.4.6-5
canonical/engardelinux secure linux
version/engardelinux secure linux/1.2
version/engardelinux secure linux/1.1
version/andrew tridgell rsync/2.3.1
version/andrew tridgell rsync/2.4.4
version/andrew tridgell rsync/2.4.5
version/andrew tridgell rsync/2.5.6
version/engardelinux secure community/2.0
version/andrew tridgell rsync/2.4.1
version/andrew tridgell rsync/2.4.3
version/andrew tridgell rsync/2.5.2
version/andrew tridgell rsync/2.5.3
version/andrew tridgell rsync/2.5.4
version/redhat rsync/2.5.5-4
version/andrew tridgell rsync/2.4.6
version/andrew tridgell rsync/2.4.8
version/andrew tridgell rsync/2.3.2
version/andrew tridgell rsync/2.4.0
version/andrew tridgell rsync/2.5.0
version/redhat rsync/2.5.4-2
version/engardelinux secure linux/1.5
vendor/slackware
canonical/slackware linux
version/slackware linux/9.0
version/slackware linux/8.1
version/slackware linux/9.1
version/slackware linux/current

CVE-2003-0962: Buffer Overflow

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2003-0962?

How do I fix CVE-2003-0962?

What versions of rsync are affected by CVE-2003-0962?

Can CVE-2003-0962 allow attackers to escape a chroot jail?

Is rsync running in server mode vulnerable to CVE-2003-0962?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2003-0962?

How do I fix CVE-2003-0962?

What versions of rsync are affected by CVE-2003-0962?

Can CVE-2003-0962 allow attackers to escape a chroot jail?

Is rsync running in server mode vulnerable to CVE-2003-0962?