CVE-2011-1097

Current Description

rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.

Basic Data

PublishedMarch 30, 2011
Last ModifiedFebruary 21, 2014
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityHIGH
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score5.1
SeverityMEDIUM
Exploitability Score4.9
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationSambaRsync3.0.0*******
    2.3ApplicationSambaRsync3.0.1*******
    2.3ApplicationSambaRsync3.0.2*******
    2.3ApplicationSambaRsync3.0.3*******
    2.3ApplicationSambaRsync3.0.4*******
    2.3ApplicationSambaRsync3.0.5*******
    2.3ApplicationSambaRsync3.0.6*******
    2.3ApplicationSambaRsync3.0.7*******

Vulnerable Software List

VendorProductVersions
Samba Rsync 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7

References

NameSourceURLTags
http://gitweb.samba.org/?p=rsync.git;a=commit;h=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6http://gitweb.samba.org/?p=rsync.git;a=commit;h=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6CONFIRMPatch
FEDORA-2011-4389http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057641.htmlFEDORA
FEDORA-2011-4427http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057736.htmlFEDORA
FEDORA-2011-4413http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057737.htmlFEDORA
SUSE-SR:2011:009http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlSUSE
[rsync] 20110122 rsync -rcv printing out filenames when content identicalhttp://lists.samba.org/archive/rsync/2011-January/025988.htmlMLIST
HPSBMU02752http://marc.info/?l=bugtraq&m=133226187115472&w=2HP
http://rsync.samba.org/ftp/rsync/src/rsync-3.0.8-NEWShttp://rsync.samba.org/ftp/rsync/src/rsync-3.0.8-NEWSCONFIRM
44071http://secunia.com/advisories/44071SECUNIA
44088http://secunia.com/advisories/44088SECUNIA
1025256http://securitytracker.com/id?1025256SECTRACK
MDVSA-2011:066http://www.mandriva.com/security/advisories?name=MDVSA-2011:066MANDRIVA
RHSA-2011:0390http://www.redhat.com/support/errata/RHSA-2011-0390.htmlREDHAT
ADV-2011-0792http://www.vupen.com/english/advisories/2011/0792VUPENVendor Advisory
ADV-2011-0793http://www.vupen.com/english/advisories/2011/0793VUPENVendor Advisory
ADV-2011-0873http://www.vupen.com/english/advisories/2011/0873VUPEN
ADV-2011-0876http://www.vupen.com/english/advisories/2011/0876VUPEN
https://bugzilla.redhat.com/show_bug.cgi?id=675036https://bugzilla.redhat.com/show_bug.cgi?id=675036CONFIRMPatch
https://bugzilla.samba.org/show_bug.cgi?id=7936https://bugzilla.samba.org/show_bug.cgi?id=7936CONFIRM