Bug 190207 (CVE-2006-2083)

Summary: CVE-2006-2083 rsync buffer overflow issue
Product: Red Hat Enterprise Linux 4
Reporter: Josh Bressers <bressers>
Component: rsync
Assignee: Jay Fenlason <fenlason>
Status: CLOSED NOTABUG
QA Contact: Mike McLean <mikem>
Severity: medium
Docs Contact:
Priority: medium
Version: 4.0
CC: jfeeney
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard: public=20060422,impact=moderate,reported=20060420,source=secalert
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-05-26 14:58:25 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 170416

Description Josh Bressers 2006-04-28 19:44:37 UTC
rsync buffer overflow issue

The receive_xattr() function creates a buffer by adding two integer
variables together without verifying the resultant sum hasn't caused
an integer overflow.

The fix, which is a patch of a patch, is here:

http://cvs.samba.org/cgi-bin/cvsweb/rsync/patches/xattrs.diff.diff?r1=1.23&r2=1.24

Only the last few lines matter for this patch; the rest is the result
of making a minor modification in a patch.
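The length-sum pattern described in the report, shown as an added example (not rsync's receive_xattr() code): the two lengths are assumed to arrive from the peer as 32-bit values, `unchecked_total` computes the sum the way the vulnerable code does, and `checked_total`/`alloc_xattr_buf` (hypothetical names) are the hardened form that refuses a wrapped sum and an oversized allocation.

```c
#include <stdint.h>
#include <stdlib.h>

/* Unchecked pattern: name_len + datum_len + 1 in 32-bit arithmetic.
 * Two large attacker-supplied lengths wrap to a tiny total, so the
 * buffer allocated from it is far smaller than the data later copied
 * into it. uint32_t is used so the wraparound is well defined. */
uint32_t unchecked_total(uint32_t name_len, uint32_t datum_len)
{
    return name_len + datum_len + 1;   /* wraps modulo 2^32 */
}

/* Checked form: returns 0 instead of producing a wrapped total.
 * The first test guards the subtraction in the second. */
int checked_total(uint32_t name_len, uint32_t datum_len, uint32_t *total)
{
    if (name_len > UINT32_MAX - 1)
        return 0;
    if (datum_len > UINT32_MAX - 1 - name_len)
        return 0;
    *total = name_len + datum_len + 1;
    return 1;
}

/* Allocation wrapper built on the checked sum. max_len is an assumed
 * protocol sanity limit so a peer cannot request a huge allocation
 * even when the sum itself does not wrap. Returns NULL on refusal. */
char *alloc_xattr_buf(uint32_t name_len, uint32_t datum_len, uint32_t max_len)
{
    uint32_t total;

    if (!checked_total(name_len, datum_len, &total))
        return NULL;              /* sum would wrap */
    if (total > max_len)
        return NULL;              /* sane but too large */
    return malloc(total);
}
```

With the constructed inputs 0xFFFFFFF0 and 0x20 the unchecked sum is 0x11 bytes, while the checked version refuses the request outright.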