CVE-2003-0962

Published: Dec 15, 2003Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.

Affected (31)

Products: Andrew Tridgell: Rsync · Engardelinux: Secure Community, Secure Linux · Redhat: Rsync · +1 more

Show all products

Andrew Tridgell: Rsync · Engardelinux: Secure Community, Secure Linux · Redhat: Rsync · Slackware: Slackware Linux

1 product

2 products

1 product

1 product

Configuration A

27 vulnerable

Vulnerable Software	Affected Versions
Andrew Tridgell Rsync	Version 2.3.1
Andrew Tridgell Rsync	Version 2.3.2
Andrew Tridgell Rsync	Version 2.4.0
Andrew Tridgell Rsync	Version 2.4.1
Andrew Tridgell Rsync	Version 2.4.3
Andrew Tridgell Rsync	Version 2.4.4
Andrew Tridgell Rsync	Version 2.4.5
Andrew Tridgell Rsync	Version 2.4.6
Andrew Tridgell Rsync	Version 2.4.8
Andrew Tridgell Rsync	Version 2.5.0
Andrew Tridgell Rsync	Version 2.5.1
Andrew Tridgell Rsync	Version 2.5.2
Andrew Tridgell Rsync	Version 2.5.3
Andrew Tridgell Rsync	Version 2.5.4
Andrew Tridgell Rsync	Version 2.5.5
Andrew Tridgell Rsync	Version 2.5.6
Engardelinux Secure Community	Version 1.0.1
Engardelinux Secure Community	Version 2.0
Engardelinux Secure Linux	Version 1.1
Engardelinux Secure Linux	Version 1.2
Engardelinux Secure Linux	Version 1.5
Redhat Rsync	Version 2.4.6-2
Redhat Rsync	Version 2.4.6-5
Redhat Rsync	Version 2.4.6-5
Redhat Rsync	Version 2.5.4-2
Redhat Rsync	Version 2.5.5-1
Redhat Rsync	Version 2.5.5-4

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Slackware Slackware Linux	Version 8.1
Slackware Slackware Linux	Version 9.0
Slackware Slackware Linux	Version 9.1
Slackware Slackware Linux	Version current

References (54)

ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U (unsafe URL)

Source: cve@mitre.org

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=107055681311602&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=107055684711629&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=107055702911867&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=107056923528423&w=2

Source: cve@mitre.org

http://secunia.com/advisories/10353

Source: cve@mitre.org

http://secunia.com/advisories/10354

Source: cve@mitre.org

http://secunia.com/advisories/10355

Source: cve@mitre.org

http://secunia.com/advisories/10356

Source: cve@mitre.org

http://secunia.com/advisories/10357

Source: cve@mitre.org

http://secunia.com/advisories/10358

Source: cve@mitre.org

http://secunia.com/advisories/10359

Source: cve@mitre.org

http://secunia.com/advisories/10360

Source: cve@mitre.org

http://secunia.com/advisories/10361

Source: cve@mitre.org

http://secunia.com/advisories/10362

Source: cve@mitre.org

http://secunia.com/advisories/10363

Source: cve@mitre.org

http://secunia.com/advisories/10364

Source: cve@mitre.org

http://secunia.com/advisories/10378

Source: cve@mitre.org

http://secunia.com/advisories/10474

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/325603

Source: cve@mitre.org

US Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2003:111

Source: cve@mitre.org

http://www.osvdb.org/2898

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2003-398.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/9153

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/13899

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9415

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U (unsafe URL)