CVE-2004-2093

rsync <2.5.7 - Buffer Overflow

Title source: llm

Description

Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Abhisek Datta · clocallinux

https://www.exploit-db.com/exploits/152

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://archives.neohapsis.com/archives/vuln-dev/2004-q1/0091.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15108

Scores

EPSS 0.0073

EPSS Percentile 72.7%

Details

Status published

Published Feb 09, 2004

Tracked Since Feb 18, 2026