Vulnerability Name: CVE-2003-0962 (CCN-13899)
Assigned: 2003-10-04
Published: 2003-10-04
Updated: 2018-05-03
Summary: Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: SGI Type: UNKNOWN 20031202-01-U
Source: CCN Type: SGI Security Advisory 20031202-01-U SGI Advanced Linux Environment security update #6
Source: MITRE Type: CNA CVE-2003-0962
Source: CONECTIVA Type: UNKNOWN CLA-2003:794
Source: CCN Type: Conectiva Linux Security Announcement CLSA-2003:794 rsync
Source: CCN Type: AppleCare Knowledge Base Document 61798 Security Update 2003-12-19 for Mac OS X 10.3.2 "Panther" and Mac OS X 10.3.2 Server
Source: BUGTRAQ Type: UNKNOWN 20031204 rsync security advisory (fwd)
Source: TRUSTIX Type: UNKNOWN 2003-0048
Source: BUGTRAQ Type: UNKNOWN 20031204 [OpenPKG-SA-2003.051] OpenPKG Security Advisory (rsync)
Source: BUGTRAQ Type: UNKNOWN 20031204 GLSA: exploitable heap overflow in rsync (200312-03)
Source: CCN Type: RHSA-2003-398 New rsync packages fix remote security vulnerability
Source: CCN Type: RHSA-2003-399 rsync security update
Source: CCN Type: rsync download Web page rsync
Source: CCN Type: SA10353 rsync File Handling Integer Overflow Vulnerability
Source: SECUNIA Type: UNKNOWN 10353
Source: SECUNIA Type: UNKNOWN 10354
Source: SECUNIA Type: UNKNOWN 10355
Source: SECUNIA Type: UNKNOWN 10356
Source: SECUNIA Type: UNKNOWN 10357
Source: SECUNIA Type: UNKNOWN 10358
Source: SECUNIA Type: UNKNOWN 10359
Source: SECUNIA Type: UNKNOWN 10360
Source: SECUNIA Type: UNKNOWN 10361
Source: SECUNIA Type: UNKNOWN 10362
Source: SECUNIA Type: UNKNOWN 10363
Source: SECUNIA Type: UNKNOWN 10364
Source: SECUNIA Type: UNKNOWN 10378
Source: CCN Type: SA10474 Mac OS X Security Update Fixes Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 10474
Source: CCN Type: CIAC Information Bulletin O-034 rsync Heap Overflow Vulnerability
Source: DEBIAN Type: DSA-404 rsync -- heap overflow
Source: CCN Type: GLSA-200312-03 rsync: exploitable heap overflow
Source: CCN Type: US-CERT VU#325603 Integer overflow vulnerability in rsync
Source: CERT-VN Type: US Government Resource VU#325603
Source: CCN Type: Immunix Secured OS Security Advisory IMNX-2003-73-001-01 rsync
Source: CCN Type: SCO Security Advisory CSSA-2004-010.0 OpenLinux: rsync heap based overflow
Source: CCN Type: rsync Mailing List, Sat, 04 Oct 2003 13:38:30 -0700 Possible security hole
Source: MANDRAKE Type: UNKNOWN MDKSA-2003:111
Source: CCN Type: OpenPKG-SA-2003.051 Rsync
Source: OSVDB Type: UNKNOWN 2898
Source: CCN Type: OSVDB ID: 2898 rsync Unspecified Remote Heap Overflow
Source: REDHAT Type: Patch, Vendor Advisory RHSA-2003:398
Source: BID Type: Patch, Vendor Advisory 9153
Source: CCN Type: BID-9153 RSync Daemon Mode Undisclosed Remote Heap Overflow Vulnerability
Source: CCN Type: slackware-security Mailing List, Wed, 3 Dec 2003 23:50:44 -0800 (PST) rsync security update (SSA:2003-337-01)
Source: CCN Type: Trustix Secure Linux Security Advisory #2003-0048 rsync
Source: CCN Type: TLSA-2003-67 Heap overflow
Source: XF Type: UNKNOWN linux-rsync-heap-overflow(13899)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9415
Source: SUSE Type: SUSE-SA:2003:050 rsync: remote compromise
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration RedHat 1: Denotes that component is vulnerable