Unrated severity · NVD Advisory · Published Dec 15, 2003 · Updated Apr 16, 2026
CVE-2003-0962
Description
Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.
Affected products (31)
- cpe:2.3:a:andrew_tridgell:rsync:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_tridgell:rsync:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_tridgell:rsync:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_tridgell:rsync:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_tridgell:rsync:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_tridgell:rsync:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_tridgell:rsync:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_tridgell:rsync:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_tridgell:rsync:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_tridgell:rsync:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_tridgell:rsync:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_tridgell:rsync:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_tridgell:rsync:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_tridgell:rsync:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_tridgell:rsync:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_tridgell:rsync:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:rsync:2.4.6-2:*:i386:*:*:*:*:*
- cpe:2.3:a:redhat:rsync:2.4.6-5:*:i386:*:*:*:*:*
- cpe:2.3:a:redhat:rsync:2.4.6-5:*:ia64:*:*:*:*:*
- cpe:2.3:a:redhat:rsync:2.5.4-2:*:i386:*:*:*:*:*
- cpe:2.3:a:redhat:rsync:2.5.5-1:*:i386:*:*:*:*:*
- cpe:2.3:a:redhat:rsync:2.5.5-4:*:i386:*:*:*:*:*
- cpe:2.3:o:engardelinux:secure_community:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:engardelinux:secure_community:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:engardelinux:secure_linux:1.1:*:professional:*:*:*:*:*
- cpe:2.3:o:engardelinux:secure_linux:1.2:*:professional:*:*:*:*:*
- cpe:2.3:o:engardelinux:secure_linux:1.5:*:professional:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:current:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References (27)
- www.redhat.com/support/errata/RHSA-2003-398.html (nvd; Patch, Vendor Advisory)
- www.securityfocus.com/bid/9153 (nvd; Patch, Vendor Advisory)
- www.kb.cert.org/vuls/id/325603 (nvd; US Government Resource)
- patches.sgi.com/support/free/security/advisories/20031202-01-U (nvd)
- distro.conectiva.com.br/atualizacoes/ (nvd)
- marc.info (nvd)
- marc.info (nvd)
- marc.info (nvd)
- marc.info (nvd)
- secunia.com/advisories/10353 (nvd)
- secunia.com/advisories/10354 (nvd)
- secunia.com/advisories/10355 (nvd)
- secunia.com/advisories/10356 (nvd)
- secunia.com/advisories/10357 (nvd)
- secunia.com/advisories/10358 (nvd)
- secunia.com/advisories/10359 (nvd)
- secunia.com/advisories/10360 (nvd)
- secunia.com/advisories/10361 (nvd)
- secunia.com/advisories/10362 (nvd)
- secunia.com/advisories/10363 (nvd)
- secunia.com/advisories/10364 (nvd)
- secunia.com/advisories/10378 (nvd)
- secunia.com/advisories/10474 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.osvdb.org/2898 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/13899 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9415 (nvd)