Summary
The remote host is missing an update to rsync announced via advisory DSA 106-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20106-1
Insight
Sebastian Krahmer found several places in rsync (a popular tool to synchronise files between machines) where signed and unsigned numbers were mixed, which resulted in insecure code. This could be abused by remote users to write 0-bytes in rsync's memory and trick rsync into executing arbitrary code.
This has been fixed in version 2.3.2-1.3 and we recommend you upgrade your rsync package immediately.
Severity
Classification
CVE: CVE-2002-0048
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C