Mandrake Linux Security Advisory : rsync (MDKSA-2003:111)
High Nessus Plugin ID 14093
Synopsis
The remote Mandrake Linux host is missing a security update.
Description
A vulnerability was discovered in all versions of rsync prior to 2.5.7 that was recently used in conjunction with the Linux kernel do_brk() vulnerability to compromise a public rsync server.
This heap overflow vulnerability, by itself, cannot yield root access; however, it does allow arbitrary code execution on the host running rsync as a server. Also note that this only affects hosts running rsync in server mode (listening on port 873, typically under xinetd).
Solution
Update the affected rsync package.
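The two conditions in the description (rsync older than 2.5.7, and rsync served through xinetd) can be checked together when triaging hosts. The script below is an added example, not part of the advisory or the Nessus plugin; the function names, the verdict strings and the sample xinetd file are constructed for illustration, and /etc/xinetd.d/rsync as the real file location is an assumption.

```shell
#!/bin/sh
# Added example. The sample xinetd contents below are constructed, and
# /etc/xinetd.d/rsync as the real file location is an assumption.

# Return 0 if dotted version $1 is lower than 2.5.7 (the fixed release).
rsync_version_lt_257() {
    old_ifs=$IFS; IFS=.
    set -- $1                       # split "2.5.6" into fields 2 5 6
    IFS=$old_ifs
    for want in 2 5 7; do
        field=${1:-0}
        have=${field%%[!0-9]*}      # drop suffixes such as "pre1"
        have=${have:-0}
        if [ "$have" -lt "$want" ]; then return 0; fi
        if [ "$have" -gt "$want" ]; then return 1; fi
        if [ $# -gt 0 ]; then shift; fi
    done
    return 1                        # exactly 2.5.7 is fixed
}

# Return 0 if xinetd file $1 defines "service rsync" without "disable = yes".
xinetd_rsync_enabled() {
    awk '
        /^[ \t]*#/ { next }
        { gsub(/=/, " = ") }
        $1 == "service" && $2 == "rsync" { in_svc = 1; found = 1; next }
        in_svc && $1 == "}" { in_svc = 0 }
        in_svc && $1 == "disable" && $NF == "yes" { disabled = 1 }
        END { if (found && !disabled) exit 0; exit 1 }
    ' "$1"
}

# Print a verdict for rsync version $1 and xinetd service file $2.
rsync_exposure() {
    if ! rsync_version_lt_257 "$1"; then echo "patched"; return 0; fi
    if xinetd_rsync_enabled "$2"; then echo "vulnerable-and-listening"
    else echo "vulnerable-not-serving"; fi
}

# Write a constructed xinetd service file to $1 with "disable = $2".
write_sample_xinetd() {
    printf 'service rsync\n{\n    disable = %s\n    socket_type = stream\n' "$2" > "$1"
    printf '    server = /usr/bin/rsync\n    server_args = --daemon\n}\n' >> "$1"
}

sample=${TMPDIR:-/tmp}/rsync-xinetd-sample.$$
write_sample_xinetd "$sample" no
rsync_exposure 2.5.6 "$sample"
rm -f "$sample"
```

On a real host the version can be taken from the first line of `rsync --version`. The check covers only the xinetd configuration, so an rsync daemon started by other means still needs a look at what is listening on port 873.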