rsync < 2.5.7 Unspecified Remote Heap Overflow

This script is Copyright (C) 2003-2014 Tenable Network Security, Inc.


Synopsis :

Arbitrary code may be run on the remote server.

Description :

The remote rsync server might be vulnerable to a heap overflow.
An attacker may use this flaw to gain a shell on this host.

*** Since rsync does not advertise its version number and since there
*** are few details about this flaw at this time, this might be a
*** false positive.

Solution :

Upgrade to rsync 2.5.7

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 11943

Bugtraq ID: 9153

CVE ID: CVE-2003-0962