PublicDate: 2008-04-10
Candidate: CVE-2008-1720
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1720
http://samba.anu.edu.au/rsync/security.html#s3_0_2
http://www.ubuntu.com/usn/usn-600-1
Description:
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr)
support enabled, might allow remote attackers to execute arbitrary code via
unknown vectors.
Ubuntu-Description:
Notes:
jdstrand> 3.0, but code is in patches/acls.diff for feisty-hardy
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_rsync:
patch: http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff
upstream_rsync: needs-triage
dapper_rsync: not-affected
edgy_rsync: not-affected
feisty_rsync: released (2.6.9-3ubuntu1.2)
gutsy_rsync: released (2.6.9-5ubuntu1.1)
hardy_rsync: not-affected (2.6.9-6ubuntu2)
devel_rsync: not-affected (2.6.9-6ubuntu2)