CVE-2008-1720 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Vendor	Product	Version
samba	rsync	2.6.9
samba	rsync	2.7.0
samba	rsync	2.7.1
samba	rsync	2.7.2
samba	rsync	2.7.3
samba	rsync	2.7.4
samba	rsync	2.7.5
samba	rsync	2.7.6
samba	rsync	2.7.7
samba	rsync	2.7.8
samba	rsync	2.7.9
samba	rsync	2.8.0
samba	rsync	2.8.1
samba	rsync	2.8.2
samba	rsync	2.8.3
samba	rsync	2.8.4
samba	rsync	2.8.5
samba	rsync	2.8.6
samba	rsync	2.8.7
samba	rsync	2.8.8
samba	rsync	2.8.9
samba	rsync	2.9.0
samba	rsync	2.9.1
samba	rsync	2.9.2
samba	rsync	2.9.3
samba	rsync	2.9.4
samba	rsync	2.9.5
samba	rsync	2.9.6
samba	rsync	2.9.7
samba	rsync	2.9.8
samba	rsync	2.9.9
samba	rsync	3.0.0
samba	rsync	3.0.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

rsync

bullseye	3.2.3-4+deb11u1 fixed
bookworm	3.2.7-1 fixed
sid	3.3.0-1 fixed
trixie	3.3.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

rsync

hardy	not-affected
gutsy	Fixed 2.6.9-5ubuntu1.1 released
feisty	Fixed 2.6.9-3ubuntu1.2 released
edgy	not-affected
dapper	not-affected

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html

http://marc.info/?l=bugtraq&m=125017764422557&w=2

http://marc.info/?l=bugtraq&m=125017764422557&w=2

http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff

http://samba.anu.edu.au/rsync/security.html#s3_0_2

http://secunia.com/advisories/29668

http://secunia.com/advisories/29770

http://secunia.com/advisories/29777

http://secunia.com/advisories/29781

http://secunia.com/advisories/29788

http://secunia.com/advisories/29856

http://secunia.com/advisories/29861

http://security.gentoo.org/glsa/glsa-200804-16.xml

http://sourceforge.net/project/shownotes.php?release_id=591462&group_id=69227

http://www.debian.org/security/2008/dsa-1545

http://www.mail-archive.com/rsync-announce%40lists.samba.org/msg00057.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:084

http://www.osvdb.org/44368

http://www.osvdb.org/44369

http://www.securityfocus.com/bid/28726

http://www.securitytracker.com/id?1019835

http://www.vupen.com/english/advisories/2008/1191/references

http://www.vupen.com/english/advisories/2008/1215/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41766

https://usn.ubuntu.com/600-1/

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00237.html

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00247.html

http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html

http://marc.info/?l=bugtraq&m=125017764422557&w=2

http://marc.info/?l=bugtraq&m=125017764422557&w=2

http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff

http://samba.anu.edu.au/rsync/security.html#s3_0_2

http://secunia.com/advisories/29668

http://secunia.com/advisories/29770

http://secunia.com/advisories/29777

http://secunia.com/advisories/29781

http://secunia.com/advisories/29788

http://secunia.com/advisories/29856

http://secunia.com/advisories/29861

http://security.gentoo.org/glsa/glsa-200804-16.xml

http://sourceforge.net/project/shownotes.php?release_id=591462&group_id=69227

http://www.debian.org/security/2008/dsa-1545

http://www.mail-archive.com/rsync-announce%40lists.samba.org/msg00057.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:084

http://www.osvdb.org/44368

http://www.osvdb.org/44369

http://www.securityfocus.com/bid/28726

http://www.securitytracker.com/id?1019835

http://www.vupen.com/english/advisories/2008/1191/references

http://www.vupen.com/english/advisories/2008/1215/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41766

https://usn.ubuntu.com/600-1/

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00237.html

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00247.html