CVE-2006-2083
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/04/2006
Last modified:
03/04/2025
Description
Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:andrew_tridgell:rsync:2.6.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:andrew_tridgell:rsync:2.6.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:andrew_tridgell:rsync:2.6.2:*:*:*:*:*:*:* | | |
| cpe:2.3:a:andrew_tridgell:rsync:2.6.3:*:*:*:*:*:*:* | | |
| cpe:2.3:a:andrew_tridgell:rsync:2.6.4:*:*:*:*:*:*:* | | |
| cpe:2.3:a:andrew_tridgell:rsync:2.6.5:*:*:*:*:*:*:* | | |
| cpe:2.3:a:andrew_tridgell:rsync:2.6.6:*:*:*:*:*:*:* | | |
| cpe:2.3:a:andrew_tridgell:rsync:2.6.7:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://samba.anu.edu.au/ftp/rsync/rsync-2.6.8-NEWS
- http://secunia.com/advisories/19920
- http://secunia.com/advisories/19964
- http://secunia.com/advisories/20011
- http://www.gentoo.org/security/en/glsa/glsa-200605-05.xml
- http://www.securityfocus.com/bid/17788
- http://www.trustix.org/errata/2006/0024
- http://www.vupen.com/english/advisories/2006/1606
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26208



