Vulnerability in Andrew_tridgell Rsync
CVE-2003-0962
Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.
EPSS: 0.212 (97.3rd percentile)
Affected products
- Andrew_tridgell Rsync — versions 2.3.1, 2.3.2, 2.4.0
- Engardelinux Secure_community — versions 1.0.1, 2.0
- Engardelinux Secure_linux — versions 1.1, 1.2, 1.5
- Slackware Slackware_linux — versions 8.1, 9.0, 9.1
- Redhat Rsync — versions 2.4.6-2, 2.4.6-5, 2.5.4-2
Frequently asked questions
- What is CVE-2003-0962?
  CVE-2003-0962 is a vulnerability in Andrew_tridgell Rsync. Published 2003-12-15.
- Is CVE-2003-0962 known to be exploited?
  2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.