[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] rsync remote root exploit

To: linux-security
Subject: [linux-security] rsync remote root exploit
From: Martin Siegert <siegert@sfu.ca>
Date: Mon, 28 Jan 2002 12:41:57 -0800
User-Agent: Mutt/1.2.5.1i

Topic
=====
remote root exploit in rsync

Problem Description
===================
The rsync program allows users and administrators to synchronize files and
whole directory structures on different machines. 
There exist several signedness bugs within the rsync program which allow
remote attackers to write 0-bytes to almost arbitrary stack-locations,
therefore being able to control the programflow and obtaining a shell
remotely.

Affected Systems
================
rsync versions < 2.5.2

Workaround (recomended)
=======================
Unistall rsync: rpm -e rsync
All "r" commands are insecure. Do not use them. Do not enable them.
rsync is particularly bad as it uses its own protocol and may even be
used in a standalone rsync daemon mode.

If you must syncronize files between machines, use rdist instead, which
is based on the rsh protocol.

Solution
========
upgrade to rsync-2.5.2 or a patched version for your distribution.

RedHat 6.x
----------
rpm -Fvh rsync-2.4.6-0.6.i386.rpm

RedHat 7.x
----------
rpm -Fvh rsync-2.4.6-8.i386.rpm

Debian 2.2 (potato)
-------------------
upgrade to rsync_2.3.2-1.3_i386.deb

Follow-Ups:
- Re: [linux-security] rsync remote root exploit
  - From: Martin Siegert <siegert@sfu.ca>
- Re: [linux-security] rsync remote root exploit
  - From: Martin Siegert <siegert@sfu.ca>

Prev by Date: [linux-security] local root exploit in at
Next by Date: Re: [linux-security] rsync remote root exploit
Prev by thread: Re: [linux-security] Alert: multiple vulnerabilities in SNMP packages (Debian, Mandrake)
Next by thread: Re: [linux-security] rsync remote root exploit
Index(es):
- Date
- Thread