Summary
Rsync is installed on this host and is prone to multiple denial of service vulnerabilities.
Impact
Successful exploitation will allow remote attackers to crash an affected application or execute arbitrary code by tricking a user into connecting to a malicious rsync server and using the '--recursive' and '--delete' options without the '--owner' option.
Impact Level: Application.
Solution
Upgrade to rsync version 3.0.8 or later.
For updates, refer to http://rsync.samba.org/
Insight
The flaws are due to:
- a memory corruption error when processing malformed file list data.
- an error while handling directory paths, '--backup-dir', and filter/exclude lists.
Affected
rsync version 3.x before 3.0.8
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2011-1097
- CVSS Base Score: 5.1
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P