CVE Vulnerabilities

CVE-2003-0962

Published: Dec 15, 2003 | Modified: May 03, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rsync | Andrew_tridgell | 2.3.1 (including) | 2.3.1 (including) |
| Rsync | Andrew_tridgell | 2.3.2 (including) | 2.3.2 (including) |
| Rsync | Andrew_tridgell | 2.4.0 (including) | 2.4.0 (including) |
| Rsync | Andrew_tridgell | 2.4.1 (including) | 2.4.1 (including) |
| Rsync | Andrew_tridgell | 2.4.3 (including) | 2.4.3 (including) |
| Rsync | Andrew_tridgell | 2.4.4 (including) | 2.4.4 (including) |
| Rsync | Andrew_tridgell | 2.4.5 (including) | 2.4.5 (including) |
| Rsync | Andrew_tridgell | 2.4.6 (including) | 2.4.6 (including) |
| Rsync | Andrew_tridgell | 2.4.8 (including) | 2.4.8 (including) |
| Rsync | Andrew_tridgell | 2.5.0 (including) | 2.5.0 (including) |
| Rsync | Andrew_tridgell | 2.5.1 (including) | 2.5.1 (including) |
| Rsync | Andrew_tridgell | 2.5.2 (including) | 2.5.2 (including) |
| Rsync | Andrew_tridgell | 2.5.3 (including) | 2.5.3 (including) |
| Rsync | Andrew_tridgell | 2.5.4 (including) | 2.5.4 (including) |
| Rsync | Andrew_tridgell | 2.5.5 (including) | 2.5.5 (including) |
| Rsync | Andrew_tridgell | 2.5.6 (including) | 2.5.6 (including) |
| Rsync | Redhat | 2.4.6-2 (including) | 2.4.6-2 (including) |
| Rsync | Redhat | 2.4.6-5 (including) | 2.4.6-5 (including) |
| Rsync | Redhat | 2.5.4-2 (including) | 2.5.4-2 (including) |
| Rsync | Redhat | 2.5.5-1 (including) | 2.5.5-1 (including) |
| Rsync | Redhat | 2.5.5-4 (including) | 2.5.5-4 (including) |
| Secure_community | Engardelinux | 1.0.1 (including) | 1.0.1 (including) |
| Secure_community | Engardelinux | 2.0 (including) | 2.0 (including) |
| Secure_linux | Engardelinux | 1.1 (including) | 1.1 (including) |
| Secure_linux | Engardelinux | 1.2 (including) | 1.2 (including) |
| Secure_linux | Engardelinux | 1.5 (including) | 1.5 (including) |

References