Bug 152711
| Summary: | rsync before 2.6.1 does not properly sanitize paths + a segfault | ||
|---|---|---|---|
| Product: | [Retired] Fedora Legacy | Reporter: | Rok Papez <rok.papez> |
| Component: | Package request | Assignee: | Fedora Legacy Bugs <bugs> |
| Status: | CLOSED DUPLICATE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0426 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
CAN-2004-0426: rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, allows remote attackers to write files outside of the module's path. This seems to be the fix: --- rsync-2.5.5.orig/options.c +++ rsync-2.5.5/options.c @@ -21,6 +21,8 @@ #include "rsync.h" #include "popt.h" +extern int sanitize_paths; + int make_backups = 0; /** @@ -766,6 +768,15 @@ if (opt_ignore_existing && am_sender) args[ac++] = "--ignore-existing"; + + if (sanitize_paths) { + if (tmpdir) + sanitize_path(tmpdir, NULL); + if (compare_dest) + sanitize_path(compare_dest, NULL); + if (backup_dir) + sanitize_path(backup_dir, NULL); + } if (tmpdir) { args[ac++] = "--temp-dir"; ================================ Test case (exploit) is needed ------- Additional Comments From rok.papez 2004-05-04 11:36:37 ---- *** This bug has been marked as a duplicate of 1569 *** ------- Bug moved to this database by dkl 2005-03-30 18:24 ------- This bug previously known as bug 1568 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=1568 Originally filed under the Fedora Legacy product and Package request component. Unknown priority P2. Setting to default priority "normal". Unknown platform PC. Setting to default platform "All". Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.