CVE-2004-2093: Buffer Overflow
First published: Mon Feb 09 2004(Updated: )
Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gnu Rsync | <=2.5.7 | |
| Gnu Rsync | <=2.5.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- vendor/gnu
- product/rsync
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/event
- agent/description
- agent/status
- agent/last-modified-date
- agent/softwarecombine
- agent/type
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- canonical/gnu rsync
- version/gnu rsync/2.5.7
- status/rejected