FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rsync -- off by one stack overflow

Affected packages
rsync < 2.6.9_1

Details

VuXML ID: af8e3a0c-5009-11dc-8a43-003048705d5a
Discovery: 2007-08-15
Entry: 2007-08-21
Modified: 2007-08-23

BugTraq reports:

The rsync utility is prone to an off-by-one buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input.

Successfully exploiting this issue may allow arbitrary code-execution in the context of the affected utility.

References

Bugtraq ID: 25336
CVE Name: CVE-2007-4091