CVE-2004-2093

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2004-2093

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2004-2093.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2004-2093

Published

2004-02-09T05:00:00Z

Modified

2024-11-20T23:52:28Z

Summary

[none]

Details

Buffer overflow in the opensocketout function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.

References

Affected packages

Debian:11 / rsync

Package

Name: rsync
Purl: pkg:deb/debian/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / rsync

Package

Name: rsync
Purl: pkg:deb/debian/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rsync

Package

Name: rsync
Purl: pkg:deb/debian/rsync?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}