Heap Memory Corruption Vulnerability in rsync 3.x by Samba
CVE-2011-1097

Currently unrated

Key Information:

Vendor: Samba
Status: Rsync
Vendor: CVE Published:; 30 March 2011

What is CVE-2011-1097?

The vulnerability in rsync 3.x prior to version 3.0.8 allows remote servers to exploit specific recursion, deletion, and ownership options. By sending malformed data, attackers can corrupt heap memory, which may cause the application to crash or potentially allow the execution of arbitrary code. This presents a significant risk, particularly in environments where rsync is used to manage files over a network.

References

http://secunia.com/advisories/44088

third-party-advisoryx_refsource_SECUNIA

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://marc.info/?l=bugtraq&m=133226187115472&w=2

vendor-advisoryx_refsource_HP

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2011
Vulnerability Reserved
Feb 24, 2011