Vulnonym.org

CVE-2008-1720 - Smash and grab Sprays

Description

Buffer overflow in rsync 2.6.9 to 3.0.1 with extended attribute (xattr) support enabled might allow remote attackers to execute arbitrary code via unknown vectors.

Reference

http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff
http://samba.anu.edu.au/rsync/security.html#s3_0_2
http://www.mail-archive.com/rsync-announce@lists.samba.org/msg00057.html
http://sourceforge.net/project/shownotes.php?release_id=591462&group_id=69227
http://www.debian.org/security/2008/dsa-1545
http://www.mandriva.com/security/advisories?name=MDVSA-2008:084
http://secunia.com/advisories/29668
http://secunia.com/advisories/29770
http://secunia.com/advisories/29777
http://secunia.com/advisories/29781
http://www.securityfocus.com/bid/28726
http://www.securitytracker.com/id?1019835
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00237.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00247.html
http://security.gentoo.org/glsa/glsa-200804-16.xml
http://www.osvdb.org/44368
http://www.osvdb.org/44369
http://secunia.com/advisories/29856
http://secunia.com/advisories/29861
http://secunia.com/advisories/29788
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://marc.info/?l=bugtraq&m=125017764422557&w=2
http://www.vupen.com/english/advisories/2008/1215/references
http://www.vupen.com/english/advisories/2008/1191/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41766
https://usn.ubuntu.com/600-1/