CVE-2008-1720
rsync 2.6.9-3.0.1 - Remote Code Execution via Extended Attribute Buffer Overflow
Title source: llmDescription
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.
References (26)
Core 26
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/44369
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29856
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29788
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200804-16.xml
Mailing List mailing-list
x_refsource_mlist
http://www.mail-archive.com/rsync-announce%40lists.samba.org/msg00057.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/600-1/
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29781
Product x_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=591462&group_id=69227
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1215/references
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29770
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00237.html
Patch x_refsource_confirm
http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff
Patch x_refsource_confirm
http://samba.anu.edu.au/rsync/security.html#s3_0_2
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:084
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1191/references
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28726
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019835
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29861
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29668
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2008/dsa-1545
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=125017764422557&w=2
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00247.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29777
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41766
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/44368
Scores
EPSS
0.0844
EPSS Percentile
92.4%
Details
CWE
CWE-119
Status
published
Products (33)
samba/rsync
2.6.9
samba/rsync
2.7.0
samba/rsync
2.7.1
samba/rsync
2.7.2
samba/rsync
2.7.3
samba/rsync
2.7.4
samba/rsync
2.7.5
samba/rsync
2.7.6
samba/rsync
2.7.7
samba/rsync
2.7.8
... and 23 more
Published
Apr 10, 2008
Tracked Since
Feb 18, 2026