Ubuntu
rsync package

[rsync] possible execution of arbitrary code

Bug #173608 reported by disabled.user on 2007-12-03

254

Affects		Status	Importance	Assigned to	Milestone
	rsync (Ubuntu)	Invalid	Undecided	Unassigned

Bug Description

Binary package hint: rsync

References:
[1] http://lists.samba.org/archive/rsync-announce/2007/000050.html
[2] http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.481089

Quoting CVE-2007-4091:
"Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function."

CVE References

2007-4091

Revision history for this message

disabled.user (disabled.user-deactivatedaccount) wrote on 2007-12-03:

Oops. Sorry, this has already been fixed in USN-500-1.

Changed in rsync:
status:	New → Invalid

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntursync package