Rsync Multiple Denial Of Service Vulnerabilities (Windows) Network Vulnerability

Summary

This host is installed with Rsync and is prone to multiple denial of service vulnerabilities.

Impact

Successful exploitation will allow remote attackers to crash an affected application or execute arbitrary code by tricking a user into connecting to a malicious rsync server and using the '--recursive' and '--delete' options without the '--owner' option. Impact Level: Application.

Solution

Upgrade to rsync version 3.0.8 or later For updates refer to http://rsync.samba.org/

Insight

The flaws are due to - a memory corruption error when processing malformed file list data. - error while handling directory paths, '--backup-dir', filter/exclude lists.

Affected

rsync version 3.x before 3.0.8

References

http://securitytracker.com/id?1025256
http://www.vupen.com/english/advisories/2011/0792

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1097
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ClamAV 'cli_pdf()' and 'cli_scanicon()' Denial of Service Vulnerabilities (Win
chm2pdf Insecure Temporary File Creation or DoS Vulnerability
CUPS Denial of Service Vulnerability - Jun09
Apache Connection Blocking Denial of Service
Adobe Flash Media Server Remote Denial of Service Vulnerability (August-2011)

Rsync Multiple Denial of Service Vulnerabilities (Windows)

Take action and discover your vulnerabilities