>> Rsync "receive_xattr()" Function Extended Attribute Integer Overflow Vulnerability
Title : Rsync "receive_xattr()" Function Extended Attribute Integer Overflow Vulnerability VUPEN ID : VUPEN/ADV-2006-1606 CVE ID : CVE-2006-2083
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-05-02
Technical Description
A vulnerability has been identified in Rsync, which may be exploited by attackers to execute arbitrary commands or cause a denial of service. This flaw is due to an integer overflow error in the "receive_xattr()" [xattrs.diff] function that does not properly handle malformed extended attributes, which could be exploited by attackers to compromise or crash a vulnerable system.
