RHEL 2.1 / 3 : rsync (RHSA-2003:399)

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated rsync packages are now available that fix a heap overflow in
the Rsync server.

rsync is a program for synchronizing files over the network.

A heap overflow bug exists in rsync versions prior to 2.5.7. On
machines where the rsync server has been enabled, a remote attacker
could use this flaw to execute arbitrary code as an unprivileged user.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2003-0962 to this issue.

All users should upgrade to these erratum packages containing version
2.5.7 of rsync, which is not vulnerable to this issue.

NOTE: The rsync server is disabled (off) by default in Red Hat
Enterprise Linux. To check if the rsync server has been enabled (on),
run the following command :

/sbin/chkconfig --list rsync

If the rsync server has been enabled but is not required, it can be
disabled by running the following command as root :

/sbin/chkconfig rsync off
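The two checks above (is the rsync server enabled, and is the installed rsync older than the fixed 2.5.7) can be scripted for triage across many hosts. The following is an added example, not part of the Red Hat erratum or of the Nessus plugin: it works on captured command output rather than calling chkconfig or rpm, so it runs anywhere. The sample strings it uses are constructed, and the assumed layout of `chkconfig --list rsync` output is a service name followed by the state `on` or `off` as the last whitespace-separated field; the `rpm -q rsync` format (`rsync-<version>-<release>`) is the standard RPM naming.

```shell
#!/bin/sh
# Added example (not the erratum's or the plugin's own code).
# Each function takes already-captured output as its argument so the
# script is runnable offline; the inputs at the bottom are constructed.

# Returns 0 when a "chkconfig --list rsync" line shows the service on.
# Assumption: the state is the last whitespace-separated field, so a
# trailing colon on the service name (xinetd-style listing) is harmless.
rsync_enabled() {
    printf '%s\n' "$1" | awk '{ if ($NF == "on") exit 0; exit 1 }'
}

# Extracts the upstream version from "rpm -q rsync" output,
# e.g. "rsync-2.5.5-4" (constructed sample) -> "2.5.5".
rpm_version() {
    printf '%s\n' "$1" | sed 's/^rsync-//; s/-.*$//'
}

# Returns 0 when the given version is older than 2.5.7, the first
# release without the heap overflow (CVE-2003-0962). Fields are
# compared numerically so that 2.5.10 correctly ranks above 2.5.7.
rsync_vulnerable() {
    awk -v v="$1" -v fixed="2.5.7" 'BEGIN {
        split(v, a, "."); split(fixed, b, ".")
        for (i = 1; i <= 3; i++) {
            if (a[i] + 0 < b[i] + 0) exit 0   # older than fixed: vulnerable
            if (a[i] + 0 > b[i] + 0) exit 1   # newer than fixed: patched
        }
        exit 1                                # equal to fixed: patched
    }'
}

# Combines both checks the way the advisory frames the risk: the flaw is
# only reachable when the server is enabled AND the version predates 2.5.7.
# $1: chkconfig --list line, $2: rpm -q rsync output. Prints a verdict.
triage() {
    ver=$(rpm_version "$2")
    if rsync_enabled "$1" && rsync_vulnerable "$ver"; then
        echo "exposed"       # apply RHSA-2003:399 or run: chkconfig rsync off
    else
        echo "not exposed"
    fi
}

# Constructed sample inputs for a stand-alone run.
triage "rsync           on"  "rsync-2.5.5-4"   # exposed
triage "rsync           off" "rsync-2.5.5-4"   # not exposed (server off)
triage "rsync:          on"  "rsync-2.5.7-3"   # not exposed (fixed version)
```

Because the functions take strings, the same logic can be fed the output of `/sbin/chkconfig --list rsync` and `rpm -q rsync` collected from remote hosts over any management channel, and the version comparison generalizes to any dotted three-part version string.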

Red Hat would like to thank the rsync team for their rapid response
and quick fix for this issue.

Solution :

Update the affected rsync package.

Risk factor :

High / CVSS Base Score : 7.5
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12440

CVE ID: CVE-2003-0962
