rsync Signed Array Index Remote Code Execution Vulnerability

A vulnerability exists within some versions of rsync. Under some circumstances, a remotely supplied signed value is used as an array index, allowing NULL bytes to be written to arbitrary memory locations. Exploitation of this vulnerability could lead to the corruption of the stack, and possibly to execution of arbitrary code as the root user.

It is possible that other versions of rsync share this vulnerability.


 

Privacy Statement
Copyright 2010, SecurityFocus