130044 – CAN-2004-0792 rsync path sanitizing bug

Bug 130044 - CAN-2004-0792 rsync path sanitizing bug

Summary: CAN-2004-0792 rsync path sanitizing bug

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	rsync
Sub Component:
Version:	2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jay Fenlason
QA Contact:	Mike McLean
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-08-16 19:05 UTC by Josh Bressers
Modified:	2014-08-31 23:26 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2004-08-19 21:36:46 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2004-08-16 19:05:09 UTC

There is a path-sanitizing bug that affects daemon mode in all recent
rsync versions (including 2.6.2) but only if chroot is disabled. It
does NOT affect the normal send/receive filenames that specify what
files should be transferred (this is because these names happen to get
sanitized twice, and thus the second call removes any lingering
leading slash(es) that the first call left behind). It does affect
certain option paths that cause auxilliary files to be read or written.

More information here
http://samba.org/rsync/#security_aug04

Comment 1 Jay Fenlason 2004-08-19 21:36:46 UTC

updates for fedora core 1 and 2 have been pushed that address this 
vulnerability.

Comment 2 Mark J. Cox 2004-08-20 07:49:39 UTC

http://www.redhat.com/archives/fedora-announce-list/2004-August/msg00023.html
http://www.redhat.com/archives/fedora-announce-list/2004-August/msg00024.html

Note You need to log in before you can comment on or make changes to this bug.