PT-2002-1078 · Rsync · Rsync

Published: 2002-02-11 · Updated: 2016-10-18 · CVE-2002-0048

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: rsync versions 2.3.2 through 2.4.6

Description: The issue is related to multiple signedness errors in the I/O functions of rsync, which can be exploited remotely. These errors, involving mixed signed and unsigned numbers, allow remote attackers to cause a denial of service and potentially execute arbitrary code in the rsync client or server. This could lead to a breach of confidentiality, integrity, and availability of protected information.

Recommendations: For rsync version 2.3.2, update to a version that fixes the signedness errors in the I/O functions. For rsync version 2.4.6, update to a version that fixes the signedness errors in the I/O functions. As a temporary workaround, consider restricting access to the rsync client and server to minimize the risk of exploitation.
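The bug class named in the description (a peer-supplied length handled as a signed value and then used as an unsigned size) is illustrated below as an added example. It is a generic sketch and not rsync's code: `BUF_SIZE`, `read_len`, `weak_accepts`, `as_copy_size` and `recv_block` are hypothetical names, and the message bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64  /* hypothetical receive buffer size */

/* Decode a 4-byte little-endian length prefix into a signed 32-bit int. */
int32_t read_len(const unsigned char *p) {
    uint32_t u = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    int32_t s;
    memcpy(&s, &u, sizeof s);  /* reinterpret the bits without a cast */
    return s;
}

/* Weak check: only the upper bound is tested, in signed arithmetic,
   so every negative length is accepted. */
int weak_accepts(int32_t len) { return len <= BUF_SIZE; }

/* The size a routine taking size_t would see if that length were passed on. */
size_t as_copy_size(int32_t len) { return (size_t)len; }

/* Hardened receive: reject negative lengths first, then compare as unsigned
   against both the destination size and the bytes actually present.
   Returns the payload length copied, or -1 if the message is rejected. */
int recv_block(unsigned char *dst, size_t dst_size,
               const unsigned char *msg, size_t msg_len) {
    if (msg_len < 4) return -1;
    int32_t len = read_len(msg);
    if (len < 0) return -1;
    size_t n = (size_t)len;
    if (n > dst_size || n > msg_len - 4) return -1;
    memcpy(dst, msg + 4, n);
    return (int)len;
}

int main(void) {
    unsigned char buf[BUF_SIZE];
    const unsigned char bad[] = {0xff, 0xff, 0xff, 0xff};  /* constructed: length -1 */
    const unsigned char ok[] = {5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o'};  /* constructed */
    int32_t len = read_len(bad);
    printf("len=%d weak_accepts=%d copy_size=%zu\n",
           (int)len, weak_accepts(len), as_copy_size(len));
    printf("hardened: bad=%d ok=%d\n",
           recv_block(buf, sizeof buf, bad, sizeof bad),
           recv_block(buf, sizeof buf, ok, sizeof ok));
    return 0;
}
```

When auditing similar I/O code, compiling with `-Wsign-compare -Wsign-conversion` flags most places where a signed length meets an unsigned size.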

Exploit

Fix

Double Free

Weakness Enumeration

Related Identifiers

BDU:2015-08212
CVE-2002-0048

Affected Products

Rsync