Bug 58842 - rsync security vulnerability
Summary: rsync security vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: rsync
Version: 7.2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: Aaron Brown
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-01-25 18:24 UTC by john.l.villalovos
Modified: 2014-03-17 02:25 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2002-01-25 19:09:45 UTC
Embargoed:


Attachments (Terms of Use)

Description john.l.villalovos 2002-01-25 18:24:03 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.7) Gecko/20011221

Description of problem:
Taken from a SuSE security advisory.  I believe that Red Hat is using the same
version of rsync mentioned.

SuSE Security Announcement
Package:               	rsync
Announcement-ID:        SuSE-SA:2002:004
Date:                   Fri Jan 25 17:00:00 CET 2002
Affected SuSE versions: 6.4, 7.0, 7.1, 7.2, 7.3
Vulnerability Type:     remote command executionn
Severity (1-10):        7
SuSE default package:   no
Other affected systems: All systems with vulnerable rsync.

Content of this advisory:
        1) security vulnerability resolved: rsync negative array indexing
problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

______________________________________________________________________________

1)  problem description, brief discussion, solution, upgrade information

    The rsync program allows users and administrators to synchronize files and
whole directory structures on different machines. It is common practise to allow
remote users to mirror ftp servers via anonymous rsync access.
    There exist several signedness bugs within the rsync program which allow
remote attackers to write 0-bytes to almost arbitrary stack-locations, therefore
being able to control the programflow and obtaining a shell remotely. These bugs
have been fixed.

    It is recommended (also stated in the rsync documentation) to use the "use
chroot" option in rsyncd's configuration file (/etc/rsyncd.conf) to limit the
impact of a possible attack. Since this workaround does not completely solve the
security problem, we recommend to update the package as described below.

    We want to express our gratitude to Andrew Tridgell and Martin Pool, the
rsync authors and maintainers, for their excellent cooperation in this matter.



Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Run rsync
2.
3.
	

Additional info:

Comment 1 Bill Nottingham 2002-01-25 21:34:52 UTC
errata has been release.


Note You need to log in before you can comment on or make changes to this bug.