| VID |
23046 |
| Severity |
40 |
| Port |
873 |
| Protocol |
TCP |
| Class |
RSYNCD |
| Detailed Description |
The rsync server, according to its version number, is vulnerable to an array index overflow. Included in most distributions of Linux, rsync is a popular tool for synchronizing files across multiple hosts. Though not enabled in the default configuration, rsync can be run as a daemon to facilitate the distribution of files to FTP mirror sites. rsync versions prior to 2.5.2 could allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server. Under some circumstances, a remotely supplied signed value is used as an array index, allowing NULL bytes to be written to arbitrary memory locations. Exploitation of this vulnerability could lead to the corruption of the stack, and possibly to execution of arbitrary code as the root user.
* Note: This check solely relied on the version number of the remote rsync server to assess this vulnerability, so this might be a false positive.
* References:
http://www.kb.cert.org/vuls/id/800635
http://www.securitybugware.org/mUNIXes/5034.html
* Platforms Affected:
rsync prior to 2.5.2
UNIX Any version
Linux Any version |
| Recommendation |
Upgrade to the latest version of rsync (2.5.2 or later), available from the rsync Web site at http://rsync.samba.org/
For Red Hat Linux:
Upgrade to the latest version of rsync, as listed in Red Hat Linux Errata Advisory RHSA-2002:018-05 at http://rhn.redhat.com/errata/RHSA-2002-018.html
For SuSE Linux 6.4 (Intel):
Upgrade to the latest version of rsync, as listed in SuSE Security Announcement SuSE-SA:2002:004 at http://archives.neohapsis.com/archives/bugtraq/2002-01/0315.html
For Conectiva Linux 5.0, prg graficos, and ecommerce:
Upgrade to the latest version of rsync, as listed in Conectiva Linux Security Announcement CLA-2002:458 at http://archives.neohapsis.com/archives/bugtraq/2002-01/0316.html
For Debian GNU/Linux 2.2 (alias potato):
Upgrade to the latest version of rsync (2.3.2-1.5 or later), as listed in Debian Security Advisory DSA-106-2 at http://www.debian.org/security/2002/dsa-106
For Trustix Secure Linux 1.01, 1.1, 1.2, and 1.5:
Upgrade to the latest version of rsync (2.4.6-4tr or later), as listed in Trustix Secure Linux Security Advisory #2002-0025 at http://www.trustix.net/errata/misc/2002/TSL-2002-0025-rsync.asc.txt
For Caldera OpenLinux:
Upgrade to the latest version of rsync (2.5.0-2 or later), as listed in Caldera International, Inc. Security Advisory CSSA-2002-003.0 at ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-003.0.txt
For FreeBSD Ports Collection prior to 2002-01-23:
Upgrade to the latest rsync package (2.5.1_1 or later), as listed in FreeBSD, Inc. Security Advisory FreeBSD-SA-02:10 at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:10.rsync.asc
For other distributions:
Contact your vendor for upgrade or patch information. Or see the CERT Vulnerability Note VU#800635 at http://www.kb.cert.org/vuls/id/800635 |
| Related URL |
CVE-2002-0048 (CVE) |
| Related URL |
3958 (SecurityFocus) |
| Related URL |
7993 (ISS) |
|
