Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2093: Improper Restriction of Operations within the Bounds of a Memory Buffer in Samba Rsync

6 documents, 6 sources
Severity
4.6 MEDIUM (NVD)
EPSS
0.7%
top 27.34%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Feb 9
Latest update: Apr 29

Description

Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.

CVSS vector

AV:L/AC:L/C:P/I:P/A:P
Exploitability: 3.9 | Impact: 6.4

Affected Packages (1 package)

Debian: samba/rsync < 2.6.1-1+3

🔴 Vulnerability Details (3)

GHSA
GHSA-2h3h-37pp-x96w: Buffer overflow in the open_socket_out function in socket (2022-04-29)
CVEList
CVE-2004-2093: Buffer overflow in the open_socket_out function in socket (2005-05-19)
OSV
CVE-2004-2093: Buffer overflow in the open_socket_out function in socket (2004-02-09)

💥 Exploits & PoCs (1)

Exploit-DB
rsync 2.5.7 - Local Stack Overflow / Local Privilege Escalation (2004-02-13)

📋 Vendor Advisories (1)

Debian
CVE-2004-2093: rsync - Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and ... (2004)