Vulnerability Description
Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Andrew Tridgell | Rsync | 2.3.1 |
| Redhat | Rsync | 2.4.6-2 |
| Engardelinux | Secure Community | 1.0.1 |
| Engardelinux | Secure Linux | 1.1 |
| Slackware | Slackware Linux | 8.1 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794
- http://marc.info/?l=bugtraq&m=107055681311602&w=2
- http://marc.info/?l=bugtraq&m=107055684711629&w=2
- http://marc.info/?l=bugtraq&m=107055702911867&w=2
- http://marc.info/?l=bugtraq&m=107056923528423&w=2
- http://secunia.com/advisories/10353
- http://secunia.com/advisories/10354
- http://secunia.com/advisories/10355
- http://secunia.com/advisories/10356
- http://secunia.com/advisories/10357
- http://secunia.com/advisories/10358
- http://secunia.com/advisories/10359
- http://secunia.com/advisories/10360
- http://secunia.com/advisories/10361
FAQ
What is CVE-2003-0962?
CVE-2003-0962 is a vulnerability with a CVSS score of 7.5 (HIGH). Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.
How severe is CVE-2003-0962?
CVE-2003-0962 has been rated HIGH with a CVSS base score of 7.5/10; see the CVSS Score section above.
Is there a patch for CVE-2003-0962?
Check the references section above for vendor advisories and patch information. Affected products include: Andrew Tridgell Rsync, Redhat Rsync, Engardelinux Secure Community, Engardelinux Secure Linux, Slackware Slackware Linux.