ID CVE-2002-0048
Summary Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.
References
Vulnerable Configurations
  • cpe:2.3:a:andrew_tridgell:rsync:2.3.1
    cpe:2.3:a:andrew_tridgell:rsync:2.3.1
  • cpe:2.3:a:andrew_tridgell:rsync:2.3.2
    cpe:2.3:a:andrew_tridgell:rsync:2.3.2
  • cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:-:alpha
    cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:-:alpha
  • cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:-:arm
    cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:-:arm
  • cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:-:intel
    cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:-:intel
  • cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:-:m68k
    cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:-:m68k
  • cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:-:ppc
    cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:-:ppc
  • cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:-:sparc
    cpe:2.3:a:andrew_tridgell:rsync:2.3.2_1.2:-:sparc
  • cpe:2.3:a:andrew_tridgell:rsync:2.4.1
    cpe:2.3:a:andrew_tridgell:rsync:2.4.1
  • cpe:2.3:a:andrew_tridgell:rsync:2.4.3
    cpe:2.3:a:andrew_tridgell:rsync:2.4.3
  • cpe:2.3:a:andrew_tridgell:rsync:2.4.4
    cpe:2.3:a:andrew_tridgell:rsync:2.4.4
  • cpe:2.3:a:andrew_tridgell:rsync:2.4.6
    cpe:2.3:a:andrew_tridgell:rsync:2.4.6
  • cpe:2.3:a:andrew_tridgell:rsync:2.5.0_1
    cpe:2.3:a:andrew_tridgell:rsync:2.5.0_1
  • cpe:2.3:a:andrew_tridgell:rsync:2.5.1
    cpe:2.3:a:andrew_tridgell:rsync:2.5.1
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
  • description rsync <= 2.5.1 Remote Exploit (2). CVE-2002-0048. Remote exploit for linux platform
    id EDB-ID:399
    last seen 2016-01-31
    modified 2002-01-01
    published 2002-01-01
    reporter Teso
    source https://www.exploit-db.com/download/399/
    title rsync <= 2.5.1 - Remote Exploit 2
  • description rsync 2.3/2.4/2.5 Signed Array Index Remote Code Execution Vulnerability. CVE-2002-0048. Remote exploit for linux platform
    id EDB-ID:21242
    last seen 2016-02-02
    modified 2002-01-25
    published 2002-01-25
    reporter sorbo
    source https://www.exploit-db.com/download/21242/
    title rsync 2.3/2.4/2.5 Signed Array Index Remote Code Execution Vulnerability
  • description rsync <= 2.5.1 Remote Exploit. CVE-2002-0048. Remote exploit for linux platform
    id EDB-ID:398
    last seen 2016-01-31
    modified 2002-01-01
    published 2002-01-01
    reporter Teso
    source https://www.exploit-db.com/download/398/
    title rsync <= 2.5.1 - Remote Exploit
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2002-009.NASL
    description Sebastian Krahmer of the SuSE Security Team performed an audit on the rsync tool and discovered that in several places signed and unsigned numbers were mixed, with the end result being insecure code. These flaws could be abused by remote users to write 0 bytes into rsync's memory and trick rsync into executing arbitrary code on the server. It is recommended that all Mandrake Linux users update rsync immediately. As well, rsync server administrators should seriously consider making use of the 'use chroot', 'read only', and 'uid' options as these can significantly reduce the impact that security problems in rsync (or elsewhere) have on the server.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 13917
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13917
    title Mandrake Linux Security Advisory : rsync (MDKSA-2002:009)
  • NASL family Gain a shell remotely
    NASL id RSYNC_ARRAY_OVERFLOW.NASL
    description The remote rsync server is affected by multiple signedness errors in the I/O functions. An unauthenticated, remote attacker can exploit these to cause a denial of service or execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 11390
    published 2003-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11390
    title rsync I/O Functions Multiple Signedness Errors RCE
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-106.NASL
    description Sebastian Krahmer found several places in rsync (a popular tool to synchronise files between machines) where signed and unsigned numbers were mixed which resulted in insecure code (see securityfocus.com). This could be abused by remote users to write 0-bytes in rsync's memory and trick rsync into executing arbitrary code.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 14943
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14943
    title Debian DSA-106-2 : rsync - remote exploit
redhat via4
advisories
rhsa
id RHSA-2002:018
refmap via4
bid 3958
bugtraq
  • 20020127 rsync-2.5.2 has security fix (was: Re: [RHSA-2002:018-05] New rsync packages available)
  • 20020128 TSLSA-2002-0025 - rsync
caldera CSSA-2002-003.0
cert-vn VU#800635
conectiva CLA-2002:458
debian DSA-106
engarde ESA-20020125-004
freebsd FreeBSD-SA-02:10
hp HPSBTL0201-022
mandrake MDKSA-2002:009
suse SuSE-SA:2002:004
xf linux-rsync-root-access(7993)
Last major update 17-10-2016 - 22:15
Published 27-02-2002 - 00:00
Back to Top