CVE-2006-2083
Published Apr 28, 2006
Last updated 7 years ago
Overview
- Description
- Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Vendor comments
- Red HatNot vulnerable. This issue does not affect the versions of rsync distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC8829E5-3C26-407C-A264-4E2DF3B8C075"
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D107BB3-7DC7-4138-BE5F-A8B239427DD7"
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.6.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F902BF6-CC1F-4544-A2FF-839A71C23EB0"
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.6.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F2C715D1-D7A7-47FC-9473-7F2D23AAC115"
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.6.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF9CDA0C-DCF8-4790-B345-805570731B38"
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.6.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FCA76DC6-84A7-488E-9F91-817B86DA7CC4"
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.6.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43E69E14-843A-4764-B550-F89C8EEE544F"
},
{
"criteria": "cpe:2.3:a:andrew_tridgell:rsync:2.6.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7ED5623-C618-40D7-930C-4659859BAA93"
}
],
"operator": "OR"
}
]
}
]