Red Hat Bugzilla – Bug 441683
CVE-2008-1720 rsync: integer overflow in xattr handling
Last modified: 2016-03-04 06:27:57 EST
Sebastian Krahmer of SuSE reported an integer overflow leading to a heap buffer
overflow in the xattr handling code (function expand_item_list()) used by rsync.
This issue affects rsync 2.6.9 and all rsync 3.x versions with xattr support
enabled. Upstream released version 3.0.2:
including the fix:
The upstream advisory also documents the following mitigation to prevent exploitation of
the issue on affected versions:
Those running a writable rsync daemon can opt to refuse the "xattrs" option
as a way to avoid the problem without an upgrade:
refuse options = xattrs
(If you already refuse options, be sure to append "xattrs" to your existing
config parameter rather than adding another refuse directive.)
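As an added example (not from this bug report or from rsync itself), a small Python checker for the mitigation above: it parses a constructed rsyncd.conf, applies rsync's rules that a module-level parameter replaces the global one and that a repeated parameter in the same section overrides the earlier one, and lists writable modules on which the xattrs option would still be accepted. Wildcards in "refuse options" are approximated with fnmatch; the sample config and the helper names are assumptions.

```python
import fnmatch
import re
# Constructed sample rsyncd.conf (not from the advisory). "backup" repeats
# "refuse options", so its xattrs line is silently overridden by the later one.
SAMPLE_CONF = """\
refuse options = delete
read only = no
[docs]
path = /srv/docs
refuse options = delete xattrs
[backup]
path = /srv/backup
refuse options = xattrs
refuse options = delete
[mirror]
path = /srv/mirror
read only = yes
"""

def parse_rsyncd_conf(text):
    """Return (global params, {module: params}, [(section, repeated key)])."""
    params, dups, section = {None: {}}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.match(r"\[(.+)\]$", line)
        if m:  # start of a module section
            section = m.group(1).strip()
            params.setdefault(section, {})
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in params[section]:  # repeated key: the later value wins
            dups.append((section, key))
        params[section][key] = value.strip()
    return params.pop(None), params, dups

def xattrs_refused(glob, module):
    """Module-level 'refuse options' replaces the global one; wildcards via fnmatch."""
    refused = module.get("refuse options", glob.get("refuse options", ""))
    return any(fnmatch.fnmatchcase("xattrs", pat) for pat in refused.split())

def unmitigated_modules(text):
    """Writable modules that would still accept --xattrs, plus repeated keys."""
    glob, modules, dups = parse_rsyncd_conf(text)
    def writable(mod):  # rsyncd modules are read-only unless configured otherwise
        ro = mod.get("read only", glob.get("read only", "yes")).lower()
        return ro not in ("yes", "true", "1")
    exposed = [n for n, m in modules.items() if writable(m) and not xattrs_refused(glob, m)]
    return exposed, dups
```

A repeated "refuse options" entry is reported alongside the exposed modules because it is the exact misconfiguration the advisory note warns about.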
F-7, F-8 and F-9 packages released.
No RHEL product seems to be affected.
rsync-2.6.9-6.fc7 has been submitted as an update for Fedora 7
rsync-2.6.9-5.fc8 has been submitted as an update for Fedora 8
This issue did not affect rsync packages as shipped in Red Hat Enterprise Linux
2.1, 3, 4 and 5.
rsync-2.6.9-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
rsync-2.6.9-6.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: