This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
Updated rsync packages are now available that fix a heap overflow in
the Rsync server.
rsync is a program for synchronizing files over the network.
A heap overflow bug exists in rsync versions prior to 2.5.7. On
machines where the rsync server (rsync running as a daemon) has been
enabled, a remote attacker could use this flaw to execute arbitrary
code as the unprivileged user the daemon runs as.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2003-0962 to this issue.
All users should upgrade to these erratum packages containing version
2.5.7 of rsync, which is not vulnerable to this issue.
NOTE: The rsync server is disabled (off) by default in Red Hat
Enterprise Linux, where it is started on demand by xinetd. To check
whether the rsync server has been enabled (on), run the following
command :
/sbin/chkconfig --list rsync
If the rsync server has been enabled but is not required, it can be
disabled by running the following command as root :
/sbin/chkconfig rsync off
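The two manual checks in the NOTE above (is the rsync server enabled, and is the installed rsync older than 2.5.7) can be scripted. The following is an added example and is not part of the Red Hat advisory or the Nessus plugin; the function names, the --live flag and the sample chkconfig and rpm output lines it is exercised on are this example's own constructed assumptions. It goes slightly beyond the advisory in that it also accepts a SysV-style per-runlevel chkconfig listing and an "rpm -q rsync" string, not only the single xinetd-style on/off line.

```shell
#!/bin/sh
# Added example, not part of the Red Hat advisory or the Nessus plugin.
# Two helpers that make the manual checks from the advisory's NOTE scriptable:
# one parses the output of "/sbin/chkconfig --list rsync", the other decides
# whether an installed rsync predates the 2.5.7 fix for CVE-2003-0962.
# Both take the command output as an argument so they can be exercised offline
# on constructed sample lines; "--live" runs the real commands on a host.

# Prints on / off / unknown for the rsync server, given a chkconfig listing.
# Handles the xinetd-style listing used on Red Hat ("rsync:  on") and a
# SysV-style per-runlevel listing ("rsync 0:off ... 3:on ..."), where "on" at
# any runlevel counts as enabled. Exit status: 0 = on, 1 = off, 2 = unknown.
rsync_enabled_from_listing() {
    # Drop colons so that "rsync:" and "3:on" both split into plain tokens.
    state=$(printf '%s\n' "$1" | tr ':' ' ' | awk '
        $1 != "rsync" { print "unknown"; exit }
        {
            for (i = 2; i <= NF; i++)
                if ($i == "on") { print "on"; exit }
            print "off"; exit
        }')
    printf '%s\n' "$state"
    case "$state" in
        on)  return 0 ;;
        off) return 1 ;;
        *)   return 2 ;;
    esac
}

# Succeeds (exit 0) when the given rsync version is older than 2.5.7. Accepts
# a bare version ("2.5.6") or an "rpm -q rsync" string ("rsync-2.5.6-5"),
# ignoring the package release. Returns 2 if the input is not a version at
# all (e.g. "package rsync is not installed"). Only the upstream version is
# compared, which is sufficient here because the erratum packages carry 2.5.7.
rsync_version_vulnerable() {
    v=${1#rsync-}      # drop the package name from rpm -q output
    v=${v%%-*}         # drop the rpm release suffix
    case "$v" in
        [0-9]*) ;;
        *) return 2 ;;
    esac
    printf '%s\n' "$v" | awk -F. '{
        maj = $1 + 0; min = $2 + 0; pat = $3 + 0
        if (maj < 2 || (maj == 2 && (min < 5 || (min == 5 && pat < 7))))
            exit 0
        exit 1
    }'
}

# Live mode (hypothetical flag): run the real checks on this host.
# Requires /sbin/chkconfig and rpm, i.e. a Red Hat style system.
if [ "${1:-}" = "--live" ]; then
    state=$(rsync_enabled_from_listing "$(/sbin/chkconfig --list rsync 2>&1)") || true
    echo "rsync server via chkconfig: $state"
    if rsync_version_vulnerable "$(rpm -q rsync 2>&1)"; then
        echo "installed rsync is older than 2.5.7: apply the erratum packages for CVE-2003-0962"
    fi
    if [ "$state" = on ]; then
        echo "rsync server is enabled; if it is not required, run as root: /sbin/chkconfig rsync off"
    fi
fi
```

Without arguments the script only defines the two functions; run it with --live on a Red Hat host to perform the real checks. Keep in mind that Red Hat frequently backports fixes without bumping the upstream version number, so a plain version comparison like this one is only meaningful where, as in this erratum, the advisory states the fixed package version.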
Red Hat would like to thank the rsync team for their rapid response
and quick fix for this issue.
Solution :
Update the affected rsync package.
Risk factor :
High / CVSS Base Score : 7.5
Public Exploit Available : true
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12440
CVE ID: CVE-2003-0962