Bug 58842 - rsync security vulnerability
rsync security vulnerability
Product: Red Hat Linux
Classification: Retired
Component: rsync (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
Aaron Brown
: Security
Depends On:
  Show dependency treegraph
Reported: 2002-01-25 13:24 EST by john.l.villalovos
Modified: 2014-03-16 22:25 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-01-25 14:09:45 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description john.l.villalovos 2002-01-25 13:24:03 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.7) Gecko/20011221

Description of problem:
Taken from a SuSE security advisory.  I believe that Red Hat is using the same
version of rsync mentioned.

SuSE Security Announcement
Package:               	rsync
Announcement-ID:        SuSE-SA:2002:004
Date:                   Fri Jan 25 17:00:00 CET 2002
Affected SuSE versions: 6.4, 7.0, 7.1, 7.2, 7.3
Vulnerability Type:     remote command executionn
Severity (1-10):        7
SuSE default package:   no
Other affected systems: All systems with vulnerable rsync.

Content of this advisory:
        1) security vulnerability resolved: rsync negative array indexing
problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)


1)  problem description, brief discussion, solution, upgrade information

    The rsync program allows users and administrators to synchronize files and
whole directory structures on different machines. It is common practise to allow
remote users to mirror ftp servers via anonymous rsync access.
    There exist several signedness bugs within the rsync program which allow
remote attackers to write 0-bytes to almost arbitrary stack-locations, therefore
being able to control the programflow and obtaining a shell remotely. These bugs
have been fixed.

    It is recommended (also stated in the rsync documentation) to use the "use
chroot" option in rsyncd's configuration file (/etc/rsyncd.conf) to limit the
impact of a possible attack. Since this workaround does not completely solve the
security problem, we recommend to update the package as described below.

    We want to express our gratitude to Andrew Tridgell and Martin Pool, the
rsync authors and maintainers, for their excellent cooperation in this matter.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Run rsync

Additional info:
Comment 1 Bill Nottingham 2002-01-25 16:34:52 EST
errata has been release.

Note You need to log in before you can comment on or make changes to this bug.