From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.7) Gecko/20011221

Description of problem:
Taken from a SuSE security advisory. I believe that Red Hat is using the same version of rsync mentioned.

                        SuSE Security Announcement

        Package:                rsync
        Announcement-ID:        SuSE-SA:2002:004
        Date:                   Fri Jan 25 17:00:00 CET 2002
        Affected SuSE versions: 6.4, 7.0, 7.1, 7.2, 7.3
        Vulnerability Type:     remote command execution
        Severity (1-10):        7
        SuSE default package:   no
        Other affected systems: All systems with vulnerable rsync.

    Content of this advisory:
        1) security vulnerability resolved: rsync negative array indexing
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

______________________________________________________________________________

1)  problem description, brief discussion, solution, upgrade information

    The rsync program allows users and administrators to synchronize files
    and whole directory structures on different machines. It is common
    practise to allow remote users to mirror ftp servers via anonymous
    rsync access.
    There exist several signedness bugs within the rsync program which allow
    remote attackers to write 0-bytes to almost arbitrary stack-locations,
    therefore being able to control the program flow and obtaining a shell
    remotely.
    These bugs have been fixed.

    It is recommended (also stated in the rsync documentation) to use the
    "use chroot" option in rsyncd's configuration file (/etc/rsyncd.conf)
    to limit the impact of a possible attack.
    Since this workaround does not completely solve the security problem,
    we recommend to update the package as described below.

    We want to express our gratitude to Andrew Tridgell and Martin Pool, the
    rsync authors and maintainers, for their excellent cooperation in this
    matter.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Run rsync
2.
3.

Additional info:
Errata has been released.
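
The advisory quoted in this report attributes the flaw to signedness bugs that lead to negative array indexing. The C sketch below is an added example, not rsync's code and not part of the original report: it shows a bounds check that tests only the upper limit accepting a negative index decoded from the wire, beside a check that rejects it. TABLE_LEN, the function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16 /* constructed table size, not taken from rsync */

/* Decode a little-endian 32-bit two's-complement value without relying on
 * implementation-defined unsigned-to-signed conversion. */
static int32_t read_int32_le(const unsigned char *p)
{
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    if (v <= (uint32_t)INT32_MAX)
        return (int32_t)v;
    return -(int32_t)(~v) - 1;
}

/* Flawed pattern: the index is signed and only the upper bound is tested,
 * so every negative value passes. */
static int index_ok_flawed(int32_t idx)
{
    return idx < TABLE_LEN;
}

/* Corrected pattern: reject negative values before the upper-bound test. */
static int index_ok(int32_t idx)
{
    return idx >= 0 && idx < TABLE_LEN;
}

/* Write a terminating 0 byte only when the index is inside the table.
 * Returns 0 on success, -1 when the index is rejected. */
static int clear_slot(char *table, int32_t idx)
{
    if (!index_ok(idx))
        return -1;
    table[idx] = 0;
    return 0;
}

int main(void)
{
    /* Constructed wire bytes: 0xfffffffc decodes to -4. */
    const unsigned char wire[4] = { 0xfc, 0xff, 0xff, 0xff };
    char table[TABLE_LEN] = "abcdefghijklmno";
    int32_t idx = read_int32_le(wire);

    printf("idx=%d flawed=%d fixed=%d write=%d\n", (int)idx,
           index_ok_flawed(idx), index_ok(idx), clear_slot(table, idx));
    return 0;
}
```

Declaring such an index as an unsigned type is another way to remove the negative range, as long as the upper-bound comparison is kept.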