CVE-2004-2093

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2004-2093

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2004-2093.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2004-2093

Downstream

DEBIAN-CVE-2004-2093

Published

2004-02-09T05:00:00Z

Modified

2026-04-10T03:36:41.585224Z

Summary

[none]

Details

Buffer overflow in the opensocketout function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.

References

http://archives.neohapsis.com/archives/vuln-dev/2004-q1/0091.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/15108

CVE-2004-2093

Affected packages