Gentoo Linux Security Advisory GLSA 200709-13 - Sebastian Krahmer from the SUSE Security Team discovered two off-by-one errors in the f_name() function in sender.c that occur when processing overly long directory names. rsync versions earlier than 2.6.9-r3 are affected.
a1c6e6f0b93a29f066d3b8108a6fecd3c706774a488b30919437eb69f53a5a02
Debian Security Advisory 1360-1 - Sebastian Krahmer discovered that rsync, a fast remote file copy program, contains an off-by-one error which might allow remote attackers to execute arbitrary code via long directory names.
74f553eec7a2a98a9851fbbff445718f40e163d808ce11ca719cef1ab0c7da3a
Ubuntu Security Notice 500-1 - Sebastian Krahmer discovered that rsync contained an off-by-one miscalculation when handling certain file paths. By creating a specially crafted tree of files and tricking an rsync server into processing them, a remote attacker could write a single NULL to stack memory, possibly leading to arbitrary code execution.
66952b127af5abd233f0d4ad3789b933e224ad98c54db6cb3304b1fb0ae1a0ea
Mandriva Linux Security Advisory - Sebastian Krahmer of the SUSE Security Team discovered an off-by-one buffer overflow within rsync. It is not clear whether this problem is exploitable; however, updates are available to correct the issue.
2856cbcb8883fca12bbd985f64719c472065b8058c456e26caa66279e4eea75f