(Slackware Issues Fix) Rsync Heap Overflow in Daemon Mode Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1008381 |
|
SecurityTracker URL: http://securitytracker.com/id/1008381
|
|
CVE Reference:
CAN-2003-0962
(Links to External Site)
|
Date: Dec 4 2003
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2.5.6 and prior versions
|
Description:
A vulnerability was reported in rsync. A remote user can execute arbitrary code on the target system.
It is reported that a remote user can connect to a target server running rsync on TCP port 873 and send specially crafted data to execute arbitrary code. The code will run with the privileges of the rsync daemon.
Only systems that are running rsync in daemon mode are reportedly affected.
|
Impact:
A remote user can execute arbitrary code with the privileges of the rsync daemon.
|
Solution:
Slackware has released a fix.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/rsync-2.5.7-i386-1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/rsync-2.5.7-i386-1.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/rsync-2.5.7-i486-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/rsync-2.5.7-i486-1.tgz
The MD5 signatures are:
Slackware 8.1 package:
9adcdfaeca3022204bc1bef1d97802cf rsync-2.5.7-i386-1.tgz
Slackware 9.0 package:
12788c9af15174c683ada4c5e5746372 rsync-2.5.7-i386-1.tgz
Slackware 9.1 package:
38d40a65d526f92c41ff72afae74e546 rsync-2.5.7-i486-1.tgz
Slackware -current package:
3f68fa78c6d095da4269e27806596d48 rsync-2.5.7-i486-1.tgz
|
Vendor URL: rsync.samba.org/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Linux (Slackware)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 3 Dec 2003 23:50:44 -0800 (PST)
Subject: [slackware-security] rsync security update (SSA:2003-337-01)
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] rsync security update (SSA:2003-337-01)
Rsync is a file transfer client and server.
A security problem which may lead to unauthorized machine access
or code execution has been fixed by upgrading to rsync-2.5.7.
This problem only affects machines running rsync in daemon mode,
and is easier to exploit if the non-default option "use chroot = no"
is used in the /etc/rsyncd.conf config file.
Any sites running an rsync server should upgrade immediately.
For complete information, see the rsync home page:
http://rsync.samba.org
Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Wed Dec 3 22:18:35 PST 2003
patches/packages/rsync-2.5.7-i486-1.tgz: Upgraded to rsync-2.5.7.
From the rsync-2.5.7-NEWS file:
SECURITY:
* Fix buffer handling bugs. (Andrew Tridgell, Martin Pool, Paul
Russell, Andrea Barisani)
The vulnerability affects sites running rsync in daemon mode (rsync
servers). These sites should be upgraded immediately.
(* Security fix *)
+--------------------------+
WHERE TO FIND THE NEW PACKAGE:
+-----------------------------+
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/rsync-2.5.7-i386-1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/rsync-2.5.7-i386-1.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/rsync-2.5.7-i486-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/rsync-2.5.7-i486-1.tgz
MD5 SIGNATURES:
+-------------+
Slackware 8.1 package:
9adcdfaeca3022204bc1bef1d97802cf rsync-2.5.7-i386-1.tgz
Slackware 9.0 package:
12788c9af15174c683ada4c5e5746372 rsync-2.5.7-i386-1.tgz
Slackware 9.1 package:
38d40a65d526f92c41ff72afae74e546 rsync-2.5.7-i486-1.tgz
Slackware -current package:
3f68fa78c6d095da4269e27806596d48 rsync-2.5.7-i486-1.tgz
INSTALLATION INSTRUCTIONS:
+------------------------+
If you're running rsync as a daemon, kill it:
# killall rsync
Then, upgrade the package:
# upgradepkg rsync-2.5.7-i486-1.tgz
Finally, restart the rsync daemon:
# rsync --daemon
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/zuYUakRjwEAQIjMRAv8BAJ4mBp2BLFrk2Uw6qYbQyzZGWxDAhQCeK717
XvGEot5Waqq4pwafZ2dw3Lc=
=ddu3
-----END PGP SIGNATURE-----
|
|
