FreeBSD : rsync -- incremental recursion memory corruption vulnerability (9a777c23-b310-11e0-832d-00215c6a37bb)

medium Nessus Plugin ID 55633

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The rsync development team reports:

Fixed a data-corruption issue when preserving hard-links without preserving file ownership, and doing deletions either before or during the transfer (CVE-2011-1097). This fixes some assert errors in the hard-linking code, and some potential failed checksums (via -c) that should have matched.

Solution

Update the affected package.

See Also

https://bugzilla.samba.org/show_bug.cgi?id=7936

http://www.nessus.org/u?777a3a58

Plugin Details

Severity: Medium

ID: 55633

File Name: freebsd_pkg_9a777c23b31011e0832d00215c6a37bb.nasl

Version: 1.7

Type: local

Published: 7/21/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:rsync, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/20/2011

Vulnerability Publication Date: 4/8/2011

Reference Information

CVE: CVE-2011-1097