Mandrake Linux Security Advisory : rsync (MDKSA-2003:111)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

A vulnerability was discovered in all versions of rsync prior to 2.5.7
that was recently used in conjunction with the Linux kernel do_brk()
vulnerability to compromise a public rsync server.

This heap overflow vulnerability cannot, by itself, yield root access;
however, it does allow arbitrary code execution on the host running
rsync as a server. Also note that this only affects hosts running
rsync in server mode (listening on port 873, typically under xinetd).
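The two conditions above (a version older than 2.5.7, and rsync served under xinetd) can be triaged on a host as follows. This is an added example, not part of the advisory or the Nessus plugin; the function names are hypothetical, the `/etc/xinetd.d/rsync` path in the usage comment is an assumed conventional location, and a standalone `rsync --daemon` started outside xinetd is not covered.

```shell
#!/bin/sh
# Added example: triage a host for the rsync < 2.5.7 server-mode exposure.
# Typical use (path is an assumption; adjust to the host):
#   assess "$(rsync --version)" /etc/xinetd.d/rsync

# version_lt A B: succeed when dotted version A is older than B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; x=${x%%[!0-9]*}; x=${x:-0}   # leading numeric part only
        y=${b%%.*}; y=${y%%[!0-9]*}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1                                     # equal versions are not older
}

# rsync_version: read `rsync --version` output on stdin, print the version.
rsync_version() {
    sed -n '1s/^rsync  *version  *\([0-9][^ ]*\).*/\1/p'
}

# xinetd_rsync_enabled FILE: succeed when FILE defines "service rsync" and
# does not set "disable = yes" (xinetd treats a missing "disable" as enabled).
xinetd_rsync_enabled() {
    [ -r "$1" ] || return 1
    grep -Eq '^[[:space:]]*service[[:space:]]+rsync' "$1" || return 1
    ! grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$1"
}

# assess VERSION_OUTPUT XINETD_FILE: print exposed, outdated-not-serving,
# patched, or unknown (version string could not be parsed).
assess() {
    v=$(printf '%s\n' "$1" | rsync_version)
    [ -n "$v" ] || { echo unknown; return 0; }
    if ! version_lt "$v" 2.5.7; then
        echo patched
    elif xinetd_rsync_enabled "$2"; then
        echo exposed
    else
        echo outdated-not-serving
    fi
}
```

A result of `outdated-not-serving` still calls for the package update; it only indicates that the server-mode condition was not found in the xinetd file that was checked.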

See also :

http://rsync.samba.org/index.html

Solution :

Update the affected rsync package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14093 (mandrake_MDKSA-2003-111.nasl)

Bugtraq ID:

CVE ID: CVE-2003-0962
