CVE-2011-1097

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.

References

http://gitweb.samba.org/?p=rsync.git;a=commit;h=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057641.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057736.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057737.html

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

http://lists.samba.org/archive/rsync/2011-January/025988.html

http://marc.info/?l=bugtraq&m=133226187115472&w=2

http://rsync.samba.org/ftp/rsync/src/rsync-3.0.8-NEWS

http://secunia.com/advisories/44071

http://secunia.com/advisories/44088

http://securitytracker.com/id?1025256

http://www.mandriva.com/security/advisories?name=MDVSA-2011:066

http://www.redhat.com/support/errata/RHSA-2011-0390.html

http://www.vupen.com/english/advisories/2011/0792

http://www.vupen.com/english/advisories/2011/0793

http://www.vupen.com/english/advisories/2011/0873

http://www.vupen.com/english/advisories/2011/0876

https://bugzilla.redhat.com/show_bug.cgi?id=675036

https://bugzilla.samba.org/show_bug.cgi?id=7936

Details

Source: MITRE

Published: 2011-03-30

Updated: 2014-02-21

Type: CWE-119

Risk Information

CVSS v2

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

Tenable Plugins

View all (14 total)

IDNameProductFamilySeverity
79962GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011NessusGentoo Local Security Checks
critical
76011openSUSE Security Update : rsync (openSUSE-SU-2011:0441-1)NessusSuSE Local Security Checks
medium
75727openSUSE Security Update : rsync (openSUSE-SU-2011:0441-1)NessusSuSE Local Security Checks
medium
68237Oracle Linux 6 : rsync (ELSA-2011-0390)NessusOracle Linux Local Security Checks
medium
61003Scientific Linux Security Update : rsync on SL6.x i386/x86_64NessusScientific Linux Local Security Checks
medium
55633FreeBSD : rsync -- incremental recursion memory corruption vulnerability (9a777c23-b310-11e0-832d-00215c6a37bb)NessusFreeBSD Local Security Checks
medium
55084Ubuntu 9.10 / 10.04 LTS / 10.10 : rsync vulnerability (USN-1124-1)NessusUbuntu Local Security Checks
medium
53826SuSE 11.1 Security Update : rsync (SAT Patch Number 4300)NessusSuSE Local Security Checks
medium
53824openSUSE Security Update : rsync (openSUSE-SU-2011:0441-1)NessusSuSE Local Security Checks
medium
53326Fedora 13 : rsync-3.0.8-1.fc13 (2011-4427)NessusFedora Local Security Checks
medium
53325Fedora 14 : rsync-3.0.8-1.fc14 (2011-4413)NessusFedora Local Security Checks
medium
53302Mandriva Linux Security Advisory : rsync (MDVSA-2011:066)NessusMandriva Local Security Checks
medium
53300Fedora 15 : rsync-3.0.8-1.fc15 (2011-4389)NessusFedora Local Security Checks
medium
53204RHEL 6 : rsync (RHSA-2011:0390)NessusRed Hat Local Security Checks
medium