RSYNC: Linux rsync recv_exclude_list() Buffer Overflow
This signature detects attempts to exploit a known vulnerability against rsync for Linux. rsync 2.5.1 for Linux and earlier versions are vulnerable. Attackers can send a maliciously crafted buffer to the rsync server and execute arbitrary code on the host.
Extended Description
A vulnerability exists within some versions of rsync. Under some circumstances, a remotely supplied signed value is used as an array index, allowing NULL bytes to be written to arbitrary memory locations. Exploitation of this vulnerability could lead to the corruption of the stack, and possibly to execution of arbitrary code as the root user. It is possible that other versions of rsync share this vulnerability.
Affected Products
Rsync rsync
Short Name
RSYNC:EXCLUDE-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
RSYNC
Keywords
Buffer CVE-2002-0048 Linux Overflow bid:3958 recv_exclude_list() rsync
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/873
False Positive
Unknown
Vendors
Rsync
CVSS Score
10.0