CVE-2008-1720
https://notcve.org/view.php?id=CVE-2008-1720
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors. Desbordamiento de búfer en resync2.6.9 a 3.0.1, al activar el soporte de atributos extendidos (xattr), puede permitir a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://marc.info/?l=bugtraq&m=125017764422557&w=2 http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff http://samba.anu.edu.au/rsync/security.html#s3_0_2 http://secunia.com/advisories/29668 http://secunia.com/advisories/29770 http://secunia.com/advisories/29777 http://secunia.com/advisories/29781 http://secunia.com/advisories/29788 http://secunia.com/advisories/29856 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2002-0080
https://notcve.org/view.php?id=CVE-2002-0080
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed. rsync no llama adecuadamente a 'setgroups' antes de establecer los permisos, lo cual podría proveer de ciertos privilegios de grupo a usuarios locales, los cuales podrían leer ciertos ficheros que de otro modo les estarían vetados. • http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt http://www.iss.net/security_center/static/8463.php http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3 http://www.redhat.com/support/errata/RHSA-2002-026.html http://www.securityfocus.com/bid/4285 https://access.redhat.com/security/cve/CVE-2002-0080 https://bugzilla.redhat.com/show_bug.cgi?id=1616738 • CWE-269: Improper Privilege Management •