Vulnerability Description
Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Rsync | <= 2.5.7 |
References
- http://archives.neohapsis.com/archives/vuln-dev/2004-q1/0091.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15108
- http://archives.neohapsis.com/archives/vuln-dev/2004-q1/0091.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15108
FAQ
What is CVE-2004-2093?
CVE-2004-2093 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PRO...
How severe is CVE-2004-2093?
CVE-2004-2093 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2093?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Rsync.