CVE-2008-1720

EUVD-2008-1721
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
sambarsync
2.6.9
sambarsync
2.7.0
sambarsync
2.7.1
sambarsync
2.7.2
sambarsync
2.7.3
sambarsync
2.7.4
sambarsync
2.7.5
sambarsync
2.7.6
sambarsync
2.7.7
sambarsync
2.7.8
sambarsync
2.7.9
sambarsync
2.8.0
sambarsync
2.8.1
sambarsync
2.8.2
sambarsync
2.8.3
sambarsync
2.8.4
sambarsync
2.8.5
sambarsync
2.8.6
sambarsync
2.8.7
sambarsync
2.8.8
sambarsync
2.8.9
sambarsync
2.9.0
sambarsync
2.9.1
sambarsync
2.9.2
sambarsync
2.9.3
sambarsync
2.9.4
sambarsync
2.9.5
sambarsync
2.9.6
sambarsync
2.9.7
sambarsync
2.9.8
sambarsync
2.9.9
sambarsync
3.0.0
sambarsync
3.0.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rsync
bookworm
3.2.7-1
fixed
bullseye
3.2.3-4+deb11u1
fixed
sid
3.3.0-1
fixed
trixie
3.3.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rsync
dapper
not-affected
edgy
not-affected
feisty
Fixed 2.6.9-3ubuntu1.2
released
gutsy
Fixed 2.6.9-5ubuntu1.1
released
hardy
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://marc.info/?l=bugtraq&m=125017764422557&w=2
http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff
http://samba.anu.edu.au/rsync/security.html#s3_0_2
http://secunia.com/advisories/29668
http://secunia.com/advisories/29770
http://secunia.com/advisories/29777
http://secunia.com/advisories/29781
http://secunia.com/advisories/29788
http://secunia.com/advisories/29856
http://secunia.com/advisories/29861
http://security.gentoo.org/glsa/glsa-200804-16.xml
http://sourceforge.net/project/shownotes.php?release_id=591462&group_id=69227
http://www.debian.org/security/2008/dsa-1545
http://www.mail-archive.com/rsync-announce%40lists.samba.org/msg00057.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:084
http://www.osvdb.org/44368
http://www.osvdb.org/44369
http://www.securityfocus.com/bid/28726
http://www.securitytracker.com/id?1019835
http://www.vupen.com/english/advisories/2008/1191/references
http://www.vupen.com/english/advisories/2008/1215/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41766
https://usn.ubuntu.com/600-1/
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00237.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00247.html
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://marc.info/?l=bugtraq&m=125017764422557&w=2
http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff
http://samba.anu.edu.au/rsync/security.html#s3_0_2
http://secunia.com/advisories/29668
http://secunia.com/advisories/29770
http://secunia.com/advisories/29777
http://secunia.com/advisories/29781
http://secunia.com/advisories/29788
http://secunia.com/advisories/29856
http://secunia.com/advisories/29861
http://security.gentoo.org/glsa/glsa-200804-16.xml
http://sourceforge.net/project/shownotes.php?release_id=591462&group_id=69227
http://www.debian.org/security/2008/dsa-1545
http://www.mail-archive.com/rsync-announce%40lists.samba.org/msg00057.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:084
http://www.osvdb.org/44368
http://www.osvdb.org/44369
http://www.securityfocus.com/bid/28726
http://www.securitytracker.com/id?1019835
http://www.vupen.com/english/advisories/2008/1191/references
http://www.vupen.com/english/advisories/2008/1215/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41766
https://usn.ubuntu.com/600-1/
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00237.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00247.html