rsync I/O Functions Multiple Signedness Errors RCE

Critical Nessus Plugin ID 11390


Arbitrary code can be run on the remote server.


The remote rsync server is affected by multiple signedness errors in the I/O functions. An unauthenticated, remote attacker can exploit these to cause a denial of service or execute arbitrary code.


Upgrade to rsync version 2.5.2 or later.

Plugin Details

Severity: Critical

ID: 11390

File Name: rsync_array_overflow.nasl

Version: $Revision: 1.17 $

Type: remote

Published: 2003/03/14

Modified: 2016/01/15

Dependencies: 17975

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2002/01/25

Reference Information

CVE: CVE-2002-0048

BID: 3958

OSVDB: 10021

EDB-ID: 398, 399, 21242

CERT: 800635