This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
Updated rsync packages are now available that fix a heap overflow in
the Rsync server.
rsync is a program for synchronizing files over the network.
A heap overflow bug exists in rsync versions prior to 2.5.7. On
machines where the rsync server has been enabled, a remote attacker
could use this flaw to execute arbitrary code as an unprivileged user.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2003-0962 to this issue.
All users should upgrade to these erratum packages containing version
2.5.7 of rsync, which is not vulnerable to this issue.
NOTE: The rsync server is disabled (off) by default in Red Hat
Enterprise Linux. To check if the rsync server has been enabled (on),
run the following command :
/sbin/chkconfig --list rsync
If the rsync server has been enabled but is not required, it can be
disabled by running the following command as root :
/sbin/chkconfig rsync off
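The version threshold and the chkconfig check described above can be combined into one triage script. This is an added example, not part of the Red Hat advisory or the Nessus plugin; the function names are hypothetical and the sample `rsync --version` and `chkconfig --list rsync` output lines are constructed.

```shell
#!/bin/sh
# Added example: triage a host for the rsync heap overflow (CVE-2003-0962).
# Function names are hypothetical; sample inputs below are constructed.
FIXED="2.5.7"   # first version not vulnerable, per the advisory

# Read `rsync --version` text on stdin, print the dotted version number.
rsync_version() {
    sed -n 's/^rsync  *version  *\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed when dotted version $1 is strictly older than $2 (numeric per field,
# so 2.5.10 sorts after 2.5.7).
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# Read `chkconfig --list rsync` text on stdin; succeed when rsync is "on".
rsync_server_enabled() {
    awk '$1 ~ /^rsync:?$/ && $2 == "on" { on = 1 } END { exit !on }'
}

# $1 = `rsync --version` output, $2 = `chkconfig --list rsync` output.
assess() {
    ver=$(printf '%s\n' "$1" | rsync_version)
    if [ -z "$ver" ]; then
        echo "unknown"
    elif ! version_lt "$ver" "$FIXED"; then
        echo "patched"
    elif printf '%s\n' "$2" | rsync_server_enabled; then
        echo "vulnerable-server-enabled"    # server is on: upgrade or disable now
    else
        echo "vulnerable-server-disabled"   # server is off: still upgrade
    fi
}

# Constructed sample output; on a live host pass "$(rsync --version)" and
# "$(/sbin/chkconfig --list rsync)" instead.
assess "rsync  version 2.5.6  protocol version 26" "rsync  on"
assess "rsync  version 2.5.7  protocol version 26" "rsync  on"
```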
Red Hat would like to thank the rsync team for their rapid response
and quick fix for this issue.
See also :
Update the affected rsync package.
Risk factor :
High / CVSS Base Score : 7.5
Public Exploit Available : true
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12440
CVE ID: CVE-2003-0962