Buffer overflow in Samba Rsync

CVE-2011-1097

rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malfor…

Vulnerability class: Buffer Overflow

EPSS: 0.016 (82.2th percentile) — read the EPSS interpretation.

Affected products

Samba Rsync — versions 3.0.0, 3.0.1, 3.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

44088 (x_refsource_SECUNIA, third-party-advisory)
FEDORA-2011-4413 (x_refsource_FEDORA, vendor-advisory)
HPSBMU02752 (x_refsource_HP, vendor-advisory)
[rsync] 20110122 rsync -rcv printing out filenames when content identical (mailing-list, x_refsource_MLIST)
SUSE-SR:2011:009 (vendor-advisory, x_refsource_SUSE)
RHSA-2011:0390 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
44071 (x_refsource_SECUNIA, third-party-advisory)
MDVSA-2011:066 (vendor-advisory, x_refsource_MANDRIVA)
FEDORA-2011-4427 (x_refsource_FEDORA, vendor-advisory)