CVE-2008-1720

Publication date 10 April 2008

Last updated 24 July 2024

Ubuntu priority

Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
rsync	8.04 LTS hardy	Not affected
	7.10 gutsy	Fixed 2.6.9-5ubuntu1.1
	7.04 feisty	Fixed 2.6.9-3ubuntu1.2
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?
Patch details

Notes

jdstrand

3.0, but code is in patches/acls.diff for feisty-hardy

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
rsync	Other: http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-600-1
rsync vulnerability
11 April 2008

Other references

http://samba.anu.edu.au/rsync/security.html#s3_0_2
https://www.cve.org/CVERecord?id=CVE-2008-1720