rsync Unspecified Heap Overflow Vulnerability
Publication: 2003-12-04 © K-OTik.COM
Title: rsync Unspecified Heap Overflow Critical Vulnerability
K-Otik ID: 0453
CVE: CAN-2003-0962
Risk: Critical
Exploitable remotely: Yes
Exploitable locally: Yes
* Technical Description - Exploit *
A critical vulnerability was identified in rsync. The problem is caused by a heap overflow error. Successful exploitation could allow the execution of arbitrary commands with the privileges of rsync. This flaw was exploited on 02 December 2003 by attackers to compromise a server belonging to Gentoo.
* Vulnerable versions *
rsync version 2.5.6
* Solution *
Use rsync version 2.5.7:
http://samba.org/rsync/download.html
Filter the rsync port, TCP 873.
* References *
http://www.gentoo.org/security/en/glsa/glsa-200312-01.xml
http://www.k-otik.com/news/12.04.Gentoo.php
* Credit *
Vulnerability discovered by the Gentoo team (December 2003)
http://www.k-otik.net/bugtraq/12.04.rsync.php




