Rsync F_Name Off-By-One Buffer Overflow Vulnerability
BID:25336
Info
| Bugtraq ID: | 25336 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-4091 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 15 2007 12:00AM |
| Updated: | Sep 10 2014 12:34AM |
| Credit: | Sebastian Krahmer discovered this issue. |
| Vulnerable: | Trustix Secure Linux 3.0.5; Trustix Secure Linux 3.0; Trustix Secure Linux 2.2; Trustix Operating System Enterprise Server 2.0; SuSE SUSE Linux Enterprise Server 10; SuSE SUSE Linux Enterprise Desktop 10; SuSE Linux Professional 10.2 x86_64; SuSE Linux Personal 10.2 x86_64; Slackware Linux 10.2; Slackware Linux 10.1; Slackware Linux 10.0; Slackware Linux 9.1; Slackware Linux 9.0; Slackware Linux 8.1; Slackware Linux 12.0; Slackware Linux 11.0; S.u.S.E. SuSE Linux Standard Server 8.0; S.u.S.E. SuSE Linux School Server for i386; S.u.S.E. SUSE LINUX Retail Solution 8.0; S.u.S.E. SuSE Linux Openexchange Server 4.0; S.u.S.E. Open-Enterprise-Server 0; S.u.S.E. Novell Linux Desktop 1.0; S.u.S.E. Linux Professional 10.2; S.u.S.E. Linux Professional 10.1; S.u.S.E. Linux Personal 10.2; S.u.S.E. Linux Personal 10.1; S.u.S.E. Linux Openexchange Server; S.u.S.E. Linux Desktop 1.0; S.u.S.E. Linux 10.1 x86-64; S.u.S.E. Linux 10.1 x86; S.u.S.E. Linux 10.1 ppc; S.u.S.E. Linux 10.0 x86-64; S.u.S.E. Linux 10.0 x86; S.u.S.E. Linux 10.0 ppc; rsync rsync 2.6.9; rsync rsync 2.6.8; rsync rsync 2.6.6; rPath rPath Linux 1; Mandriva Linux Mandrake 2007.1 x86_64; Mandriva Linux Mandrake 2007.1; Mandriva Linux Mandrake 2007.0 x86_64; Mandriva Linux Mandrake 2007.0; MandrakeSoft Corporate Server 4.0 x86_64; MandrakeSoft Corporate Server 4.0; Gentoo Linux; Foresight Linux Foresight Linux 1.1; Debian Linux 4.0 sparc; Debian Linux 4.0 s/390; Debian Linux 4.0 powerpc; Debian Linux 4.0 mipsel; Debian Linux 4.0 mips; Debian Linux 4.0 m68k; Debian Linux 4.0 ia-64; Debian Linux 4.0 ia-32; Debian Linux 4.0 hppa; Debian Linux 4.0 arm; Debian Linux 4.0 amd64; Debian Linux 4.0 alpha; Debian Linux 4.0 |
| Not Vulnerable: | |
Discussion
The rsync utility is prone to an off-by-one buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.
Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the affected utility.
This issue affects rsync 2.6.9; other versions may also be vulnerable.
Exploit / POC
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Please see the references for vendor advisories.
References
References:
- Bug#438125: CVE-2007-4091 off-by-one in sender.c (Nico Golde)
- CVE-2007-4091 (Sebastian Krahmer)
- rsync Homepage (rsync)
- TSLSA-2007-0026 - multi (Trustix)