Vulnerabilities > CVE-2006-2083 - Integer Overflow vulnerability in RSync Receive_XATTR

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
andrew-tridgell
nessus

Summary

Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2006-599.NASL
    description: Mon May 8 2006 Jay Fenlason <fenlason at redhat.com> 2.6.8-1.FC5 - New upstream release - Use the upstream xattr patch instead of mine. This closes bz#190208 CVE-2006-2083 rsync buffer overflow issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24119
    published: 2007-01-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24119
    title: Fedora Core 5 : rsync-2.6.8-1.FC5 (2006-599)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2006-599.
    #
    
    include("compat.inc");
    
    # Metadata registration. When the engine runs the plugin with `description`
    # set, only the script_* calls in this block execute and the block ends with
    # exit(0), so none of the package checks further down run in that mode.
    if (description)
    {
      # Plugin identity and revision bookkeeping.
      script_id(24119);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:24");
    
      # Cross-reference to the Fedora advisory this check was derived from.
      script_xref(name:"FEDORA", value:"2006-599");
    
      script_name(english:"Fedora Core 5 : rsync-2.6.8-1.FC5 (2006-599)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      # Advisory changelog text, reproduced as a multi-line string. It names
      # CVE-2006-2083 and the move to the upstream xattr patch in 2.6.8-1.FC5.
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Mon May 8 2006 Jay Fenlason <fenlason at redhat.com>
        2.6.8-1.FC5
    
        - New upstream release
    
        - Use the upstream xattr patch instead of mine. This
          closes bz#190208 CVE-2006-2083 rsync buffer overflow
          issue
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # Package-announce posting for the update; presumably the target of the
      # shortened see_also link below (not verifiable from this listing).
      # https://lists.fedoraproject.org/pipermail/package-announce/2006-June/000165.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3910406c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected rsync and / or rsync-debuginfo packages."
      );
      # Severity label assigned by the plugin author.
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      # "local": the finding is derived from data collected on the host (the RPM
      # list required below), not from probing the rsync service over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPE identifiers for the two packages examined and for the platform.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rsync");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rsync-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");
    
      # The fix is dated 2006/06/05; this check was published on 2007/01/17.
      script_set_attribute(attribute:"patch_publication_date", value:"2006/06/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
      script_end_attributes();
    
      # Information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Declared dependency: ssh_get_info.nasl. Presumably that script fills the
      # Host/* knowledge-base entries listed next - confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      # Knowledge-base keys the plugin requires; without credentialed host data
      # (local checks, release string, RPM list) there is nothing to evaluate.
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      # Description mode stops here.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions for the package test. Every failed precondition goes through
    # audit() (from audit.inc), which is expected to end the script with the given
    # reason - the later lines rely on that, e.g. os_ver[1] is only read after the
    # isnull(os_ver) guard. The order of the guards decides which reason is reported.

    # Credentialed (local) checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The release string must exist and contain "Fedora" (`>!<` is "not a substring of").
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Pull the numeric release out of the string; give up if it cannot be parsed.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # Only release 5 is in scope: "5" alone or "5" followed by a non-digit, so a
    # value such as "50" is rejected.
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);
    
    # The collected RPM list is the only evidence this plugin evaluates.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: x86_64 and i386 through i686 only; anything else is
    # reported as not implemented rather than as not affected.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Package comparison and reporting.
    #
    # flag counts the packages that rpm_check() (from rpm.inc) reports against the
    # fixed build 2.6.8-1.FC5; any non-zero count is treated as a finding below.
    #
    # NOTE(review): this is a package-version test only. It does not examine
    # whether the installed rsync actually contains the xattr patch in which
    # receive_xattr lives, and an rsync installed outside RPM is not part of the
    # list being compared. A "not affected" audit therefore covers the RPM-managed
    # package, not every rsync binary on the host.
    flag = 0;
    if (rpm_check(release:"FC5", reference:"rsync-2.6.8-1.FC5")) flag++;
    # The debuginfo package shipped in the same update is compared as well.
    if (rpm_check(release:"FC5", reference:"rsync-debuginfo-2.6.8-1.FC5")) flag++;
    
    
    if (flag)
    {
      # Report on port 0 (a host-level finding). With report_verbosity above 0 the
      # text from rpm_report_get() is attached as extra output.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "packages were compared and are not affected"
      # from "neither package was found", based on what pkg_tests_get() returns.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rsync / rsync-debuginfo");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200605-05.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200605-05 (rsync: Potential integer overflow). An integer overflow was found in the receive_xattr function from the extended attributes patch (xattr.c) for rsync. The vulnerable function is only present when the … [description truncated]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21347
    published: 2006-05-13
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/21347
    title: GLSA-200605-05 : rsync: Potential integer overflow
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2006-601.NASL
    description: Fri May 26 2006 Jay Fenlason <fenlason at redhat.com> 2.6.8-1.FC4 - Upgrade to 2.6.8, which closes bz#190208 CVE-2006-2083 rsync buffer overflow issue by switching from my xattrs patch to the upstream one. This also obsoletes the -address patch. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24120
    published: 2007-01-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24120
    title: Fedora Core 4 : rsync-2.6.8-1.FC4 (2006-601)

Statements

contributor: Mark J Cox
last modified: 2006-08-30
organization: Red Hat
statement: Not vulnerable. This issue does not affect the versions of rsync distributed with Red Hat Enterprise Linux 2.1, 3, or 4.