From 46b5a2421887e1fce6bad5216ff9ba6453ebee31 Mon Sep 17 00:00:00 2001 From: mnag Date: Wed, 3 May 2006 00:56:32 +0000 Subject: rsync -- "xattrs.diff" Patch Integer Overflow Vulnerability --- security/vuxml/vuln.xml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) (limited to 'security/vuxml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index f523fa67312..6cdf01a8600 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,41 @@ Note: Please add new entries to the beginning of this file. --> + + rsync -- "xattrs.diff" Patch Integer Overflow Vulnerability + + + rsync + 2.6.8 + + + + +

Secunia reports:

+
A vulnerability has been reported in rsync, which can be + exploited by malicious users to cause a DoS (Denial of Service) + and potentially compromise a vulnerable system.
+
The vulnerability is caused due to an integer overflow error in + the "receive_xattr()" function within the xattrs.diff patch. This + can be exploited to cause a buffer overflow and may allow arbitrary + code execution via specially crafted extended attributes.
+
Successful exploitation requires that the "xattrs.diff" patch has + been applied.
+

+ + + + CVE-2006-2083 + http://samba.anu.edu.au/ftp/rsync/rsync-2.6.8-NEWS + http://secunia.com/advisories/19920/ + + + 2006-05-02 + 2006-05-03 + + + clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability -- cgit