RSYNC: Chunk-Checksum Overflow
This signature detects attempts to exploit a known vulnerability on an rsync server. Rsync versions 2.6 and earlier are vulnerable. Rsync allows a client to specify the number of chunk checksums during an rsync session. Attackers can instruct an rsync server to use an overly large number of chunk checksums, forcing the server into an overflow condition and enabling the attackers to execute code with rsync daemon privileges (typically "nobody").
Extended Description
rsync has been reported prone to an undisclosed heap overflow vulnerability when running in daemon mode. The issue has been reported to be remotely exploitable and will provide for an execution of arbitrary code.
Affected Products
Sun cobalt_qube_3,Slackware slackware_linux
References
BugTraq: 9153
CVE: CVE-2003-0962
URL: http://marc.theaimsgroup.com/?l=bugtraq&m=107055681311602&w=2 http://www.kb.cert.org/vuls/id/325603
Short Name
RSYNC:CHUNK-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
RSYNC
Keywords
CVE-2003-0962 Chunk-Checksum Overflow bid:9153
Release Date
01/14/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/873
False Positive
Unknown
Vendors
Red_hat
Rsync
Apple
Sun
Sgi
Slackware
Engarde_secure_linux
CVSS Score
7.5