Bug 48478 (CVE-2003-0962)

Summary: VUL-0: CVE-2003-0962: rsync: Remotely exploitable heap overflow
Product: [Novell Products] SUSE Security Incidents
Reporter: Olaf Kirch <okir>
Component: Incidents
Assignee: Olaf Kirch <okir>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: meissner
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2003-0962: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Olaf Kirch 2003-12-04 16:51:53 UTC
Andrew Tridgell just announced a new version of rsync, which fixes
a remotely exploitable heap overflow. This vulnerability was
supposedly used to break into the Gentoo server.

Version 2.5.7 is available from rsync.samba.org

I've started to work on creating fixed packages
Comment 1 Olaf Kirch 2003-12-04 16:51:53 UTC
-
Comment 2 Olaf Kirch 2003-12-04 17:30:09 UTC
Working in patches
Comment 3 Roman Drahtmueller 2003-12-04 18:34:54 UTC
CAN-2003-0962
Comment 4 Thomas Biege 2003-12-05 00:54:55 UTC
packages approved 
adv. will be released in a few minutes 
Comment 5 Thomas Biege 2003-12-05 01:27:58 UTC
done 
Comment 6 Thomas Biege 2009-10-13 19:42:52 UTC
CVE-2003-0962: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)