PT-2004-2989 · Rsync · Rsync

Published: 2004-02-09 · Updated: 2017-07-11 · CVE-2004-2093

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

rsync versions 2.5.7 and earlier

Description

A buffer overflow exists in the `open_socket_out` function in `socket.c`. It can be triggered by a long `RSYNC_PROXY` environment variable. The overflow can cause a denial of service (crash) and potentially allows execution of arbitrary code. Because rsync is not setuid, the issue does not grant any privileges beyond those the invoking user already has.

Recommendations

For rsync versions 2.5.7 and earlier, consider restricting the length of the `RSYNC_PROXY` environment variable to prevent exploitation until a fix is available. As a temporary workaround, avoid using long values for `RSYNC_PROXY`.
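
A pre-flight check in the spirit of the workaround above, as an added example that is not part of the advisory or of rsync: it refuses to start rsync when `RSYNC_PROXY` is over-long or is not a plain `host:port` value. The 128-character cap, the function names `check_rsync_proxy` and `safe_rsync`, and the validation rules are assumptions made for this example.

```shell
#!/bin/sh
# Added example: validate RSYNC_PROXY before invoking rsync <= 2.5.7.
# MAX_PROXY_LEN is an assumed conservative cap, not a value from the advisory.
MAX_PROXY_LEN=${MAX_PROXY_LEN:-128}

# check_rsync_proxy VALUE
# Returns 0 if VALUE is empty or a well-formed host:port within the cap,
#         1 if it is too long, 2 if the host part is malformed,
#         3 if the port is not a number in 1..65535.
check_rsync_proxy() {
    value=$1
    [ -z "$value" ] && return 0              # no proxy configured: nothing to check
    [ "${#value}" -le "$MAX_PROXY_LEN" ] || return 1
    case $value in
        *:*) ;;                              # rsync expects hostname:port
        *) return 2 ;;
    esac
    host=${value%:*}                         # everything before the last colon
    port=${value##*:}                        # everything after the last colon
    case $host in
        ''|*[!A-Za-z0-9.-]*) return 2 ;;     # empty, or characters outside a hostname
    esac
    case $port in
        ''|*[!0-9]*) return 3 ;;             # empty or non-numeric port
    esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 3
    return 0
}

# safe_rsync ARGS...
# Wrapper that refuses to run rsync with a suspicious RSYNC_PROXY and
# reports only the length, never the raw value.
safe_rsync() {
    if ! check_rsync_proxy "${RSYNC_PROXY-}"; then
        echo "refusing to run rsync: RSYNC_PROXY rejected (length ${#RSYNC_PROXY})" >&2
        return 1
    fi
    rsync "$@"
}
```

Sourcing this file and calling `safe_rsync` in place of `rsync` in scripts and cron jobs keeps an inherited or tampered environment value from reaching the vulnerable code path.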


Related identifiers

CVE-2004-2093

Affected products

Rsync