Signature Detail

RSYNC: Linux rsync recv_exclude_list() Buffer Overflow

This signature detects attempts to exploit a known vulnerability against rsync for Linux. rsync 2.5.1 for Linux and earlier versions are vulnerable. Attackers can send a maliciously crafted buffer to the rsync server and execute arbitrary code on the host.

Extended Description

A vulnerability exists within some versions of rsync. Under some circumstances, a remotely supplied signed value is used as an array index, allowing NULL bytes to be written to arbitrary memory locations. Exploitation of this vulnerability could lead to the corruption of the stack, and possibly to execution of arbitrary code as the root user. It is possible that other versions of rsync share this vulnerability.

Affected Products

• rsync 2.3.1
• rsync 2.3.2
• rsync 2.3.2 -1.2 Alpha
• rsync 2.3.2 -1.2 ARM
• rsync 2.3.2 -1.2 Intel
• rsync 2.3.2 -1.2 M68k
• rsync 2.3.2 -1.2 PPC
• rsync 2.3.2 -1.2 Sparc
• rsync 2.4.1
• rsync 2.4.3
• rsync 2.4.4
• rsync 2.4.6
• rsync 2.4.8
• rsync 2.5.1

References

• BugTraq: 3958
• CVE: CVE-2002-0048
• URL: http://rhn.redhat.com/errata/RHSA-2002-018.html
• URL: http://www.kb.cert.org/vuls/id/800635
• URL: http://www.ciac.org/ciac/bulletins/m-035.shtml