VULHUB ™

Rdist is a program to maintain identical copies of files over multiple hosts. It preserves the owner, group, mode, and mtime of files if possible and can update programs that are executing. Rdist reads commands from distfile to direct the updating of files and/or directories. Rdist has over time been notorious for security vulnerabilities. In this instance it is vulnerable to a buffer overrun from user supplied data. Given that rdist is setuid root in some enviroments the attacker can excecute this buffer overflow with the resulting commands they craft being executed as root.

Rdist is a program to maintain identical copies of files over multiple hosts. It preserves the owner, group, mode, and mtime of files if possible and can update programs that are executing. Rdist reads commands from distfile to direct the updating of files and/or directories. Rdist has over time been notorious for security vulnerabilities. In this instance it is vulnerable to a buffer overrun from user supplied data. Given that rdist is setuid root in some enviroments the attacker can excecute this buffer overflow with the resulting commands they craft being executed as root.