Bug 48478 - (CVE-2003-0962) VUL-0: CVE-2003-0962: rsync: Remotely exploitable heap overflow
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: All Linux
Priority: P3 - Medium
Severity: Major
Assigned To: Olaf Kirch
Security Team bot
Reported: 2003-12-04 16:51 UTC by Olaf Kirch
Modified: 2017-04-21 09:18 UTC (History)
Description Olaf Kirch 2003-12-04 16:51:53 UTC
Andrew Tridgell just announced a new version of rsync, which fixes
a remotely exploitable heap overflow. This vulnerability was
supposedly used to break into the Gentoo server.

Version 2.5.7 is available from rsync.samba.org

I've started to work on creating fixed packages
Comment 1 Olaf Kirch 2003-12-04 16:51:53 UTC
-
Comment 2 Olaf Kirch 2003-12-04 17:30:09 UTC
Working in patches
Comment 3 Roman Drahtmueller 2003-12-04 18:34:54 UTC
CAN-2003-0962
Comment 4 Thomas Biege 2003-12-05 00:54:55 UTC
packages approved 
adv. will be released in a few minutes 
Comment 5 Thomas Biege 2003-12-05 01:27:58 UTC
done 
Comment 6 Thomas Biege 2009-10-13 19:42:52 UTC
CVE-2003-0962: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)