This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing a security update.
A vulnerability was discovered in all versions of rsync prior to 2.5.7
that was recently used in conjunction with the Linux kernel do_brk()
vulnerability to compromise a public rsync server.
This heap overflow vulnerability, by itself, cannot yield root access,
however it does allow arbitrary code execution on the host running
rsync as a server. Also note that this only affects hosts running
rsync in server mode (listening on port 873, typically under xinetd).
See also :
Update the affected rsync package.
Risk factor :
High / CVSS Base Score : 7.5
Public Exploit Available : true