CVE-2011-1097 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.1 UNKNOWN	NETWORK	HIGH		AV:N/AC:H/Au:N/C:P/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 81%

Vendor	Product	Version
samba	rsync	3.0.0
samba	rsync	3.0.1
samba	rsync	3.0.2
samba	rsync	3.0.3
samba	rsync	3.0.4
samba	rsync	3.0.5
samba	rsync	3.0.6
samba	rsync	3.0.7

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

rsync

bullseye	3.2.3-4+deb11u1 fixed
squeeze	no-dsa
bookworm	3.2.7-1 fixed
sid	3.3.0-1 fixed
trixie	3.3.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

rsync

maverick	Fixed 3.0.7-2ubuntu1.1 released
lucid	Fixed 3.0.7-1ubuntu1.1 released
karmic	Fixed 3.0.6-1ubuntu1.1 released
hardy	not-affected
dapper	not-affected

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://gitweb.samba.org/?p=rsync.git%3Ba=commit%3Bh=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057641.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057736.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057737.html

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

http://lists.samba.org/archive/rsync/2011-January/025988.html

http://marc.info/?l=bugtraq&m=133226187115472&w=2

http://rsync.samba.org/ftp/rsync/src/rsync-3.0.8-NEWS

http://secunia.com/advisories/44071

http://secunia.com/advisories/44088

http://securitytracker.com/id?1025256

http://www.mandriva.com/security/advisories?name=MDVSA-2011:066

http://www.redhat.com/support/errata/RHSA-2011-0390.html

http://www.vupen.com/english/advisories/2011/0792

http://www.vupen.com/english/advisories/2011/0793

http://www.vupen.com/english/advisories/2011/0873

http://www.vupen.com/english/advisories/2011/0876

https://bugzilla.redhat.com/show_bug.cgi?id=675036

https://bugzilla.samba.org/show_bug.cgi?id=7936

http://gitweb.samba.org/?p=rsync.git%3Ba=commit%3Bh=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057641.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057736.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057737.html

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

http://lists.samba.org/archive/rsync/2011-January/025988.html

http://marc.info/?l=bugtraq&m=133226187115472&w=2

http://rsync.samba.org/ftp/rsync/src/rsync-3.0.8-NEWS

http://secunia.com/advisories/44071

http://secunia.com/advisories/44088

http://securitytracker.com/id?1025256

http://www.mandriva.com/security/advisories?name=MDVSA-2011:066

http://www.redhat.com/support/errata/RHSA-2011-0390.html

http://www.vupen.com/english/advisories/2011/0792

http://www.vupen.com/english/advisories/2011/0793

http://www.vupen.com/english/advisories/2011/0873

http://www.vupen.com/english/advisories/2011/0876

https://bugzilla.redhat.com/show_bug.cgi?id=675036

https://bugzilla.samba.org/show_bug.cgi?id=7936