CVE-2004-2093

rsync < 2.5.7 - Buffer Overflow via RSYNC_PROXY Environment Variable

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2093. PoCs published by Abhisek Datta.

AI-analyzed exploit summary This exploit targets a stack-based buffer overflow in rsync <= 2.5.7 by overwriting the saved EIP with a dynamically calculated return address pointing to shellcode. The shellcode binds a shell to port 10000, demonstrating a local exploit that could be adapted for remote attacks.

Description

Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Abhisek Datta · clocallinux
https://www.exploit-db.com/exploits/152

This exploit targets a stack-based buffer overflow in rsync <= 2.5.7 by overwriting the saved EIP with a dynamically calculated return address pointing to shellcode. The shellcode binds a shell to port 10000, demonstrating a local exploit that could be adapted for remote attacks.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: rsync <= 2.5.7
No auth needed
Prerequisites: Local access to the target system · rsync binary present at /usr/local/bin/rsync
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Vendor Advisory mailing-list x_refsource_vuln-dev
http://archives.neohapsis.com/archives/vuln-dev/2004-q1/0091.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15108

Scores

EPSS 0.0100
EPSS Percentile 58.2%

Details

Status published
Published Feb 09, 2004
Tracked Since Feb 18, 2026