Red Hat Bugzilla – Bug 58842
rsync security vulnerability
Last modified: 2014-03-16 22:25:09 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.7) Gecko/20011221
Description of problem:
Taken from a SuSE security advisory. I believe that Red Hat is using the same
version of rsync mentioned.
SuSE Security Announcement
Date: Fri Jan 25 17:00:00 CET 2002
Affected SuSE versions: 6.4, 7.0, 7.1, 7.2, 7.3
Vulnerability Type: remote command executionn
Severity (1-10): 7
SuSE default package: no
Other affected systems: All systems with vulnerable rsync.
Content of this advisory:
1) security vulnerability resolved: rsync negative array indexing
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
1) problem description, brief discussion, solution, upgrade information
The rsync program allows users and administrators to synchronize files and
whole directory structures on different machines. It is common practise to allow
remote users to mirror ftp servers via anonymous rsync access.
There exist several signedness bugs within the rsync program which allow
remote attackers to write 0-bytes to almost arbitrary stack-locations, therefore
being able to control the programflow and obtaining a shell remotely. These bugs
have been fixed.
It is recommended (also stated in the rsync documentation) to use the "use
chroot" option in rsyncd's configuration file (/etc/rsyncd.conf) to limit the
impact of a possible attack. Since this workaround does not completely solve the
security problem, we recommend to update the package as described below.
We want to express our gratitude to Andrew Tridgell and Martin Pool, the
rsync authors and maintainers, for their excellent cooperation in this matter.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Run rsync
errata has been release.