SecurityTracker.com
Category: Application (Generic) > Rsync
Vendors: rsync.samba.org
(OpenBSD Issues Fix) Rsync Heap Overflow in Daemon Mode Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1008392
SecurityTracker URL:  http://securitytracker.com/id/1008392
CVE Reference: CAN-2003-0962
Date:  Dec 5 2003
Impact:   Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 2.5.6 and prior versions
Description:   A vulnerability was reported in rsync. A remote user can execute arbitrary code on the target system.

It is reported that a remote user can connect to a target server running rsync on TCP port 873 and send specially crafted data to execute arbitrary code. The code will run with the privileges of the rsync daemon.

Only systems that are running rsync in daemon mode are reportedly affected.

Impact:   A remote user can execute arbitrary code with the privileges of the rsync daemon.
Solution:   OpenBSD has released a fix for the 3.3 and 3.4 -stable branches and a new binary package has been built for OpenBSD 3.4/i386, available at:

ftp://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386/rsync-2.5.7.tgz

Vendor URL: rsync.samba.org/
Cause:   Boundary error
Underlying OS:   UNIX (OpenBSD)

Message History:   This archive entry is a follow-up to the message listed below.
Dec 4 2003 Rsync Heap Overflow in Daemon Mode Lets Remote Users Execute Arbitrary Code



 Source Message Contents

Date:  Thu, 04 Dec 2003 17:22:16 -0700
Subject:  security hole in rsync 2.5.6 and below


A heap overflow exists in rsync versions 2.5.6 and below that can
be used by an attacker to run arbitrary code.  The bug only affects
rsync in server (daemon) mode and occurs *after* rsync has dropped
privileges.  By default, the server will chroot(2) to the root of the
file tree being served which significantly mitigates the impact of
the bug.  Installations that disable this behavior by placing "use
chroot = no" in rsyncd.conf are vulnerable to attack.

Sites that do run rsync in server mode should update their rsync
package as soon as possible.  The rsync port has been updated in
the 3.3 and 3.4 -stable branches and a new binary package has been
built for OpenBSD 3.4/i386.  It can be downloaded from:

    ftp://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386/rsync-2.5.7.tgz

For more information on the bug, see:

    http://rsync.samba.org/

For more information on packages errata, see:

    http://www.openbsd.org/pkg-stable.html
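The advisory above gives an administrator two things to check: whether the installed rsync is 2.5.6 or earlier, and whether any served module has "use chroot = no" in rsyncd.conf, which removes the mitigation the message describes. The following script is an added example, not part of the SecurityTracker record or of OpenBSD's or rsync's own tooling. It assumes a simplified rsyncd.conf syntax (global parameters, then [module] sections, whole-line comments starting with # or ;, "use chroot" defaulting to yes) and an `rsync --version` output line that contains an x.y.z version number; the sample configuration and version string are constructed for illustration.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample rsyncd.conf (illustrative, not taken from the advisory).
# "use chroot" defaults to yes at the global level; [backup] overrides it to no.
SAMPLE_RSYNCD_CONF = """\
# global defaults
uid = nobody
gid = nobody
max connections = 4

[pub]
    path = /srv/pub
    comment = public mirror

[backup]
    path = /srv/backup
    use chroot = no
    read only = false
"""

# Constructed sample of `rsync --version` output (exact format is an assumption;
# only the x.y.z token is used).
SAMPLE_VERSION_OUTPUT = "rsync  version 2.5.6  protocol version 26"

# 2.5.7 is the release the advisory names as the fix; everything below it is affected.
FIXED_VERSION = (2, 5, 7)


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract the first dotted x.y.z version from a version string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def is_vulnerable_version(text: str) -> bool:
    """True for 2.5.6 and earlier (tuple comparison is component-wise)."""
    return parse_version(text) < FIXED_VERSION


def parse_rsyncd_conf(text: str) -> Tuple[Dict[str, str], Dict[str, Dict[str, str]]]:
    """Minimal rsyncd.conf parser: global params, then [module] sections.

    Keys are lower-cased with internal whitespace collapsed; lines starting
    with '#' or ';' are comments. Line continuations are not handled.
    """
    globals_: Dict[str, str] = {}
    modules: Dict[str, Dict[str, str]] = {}
    current = globals_
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            modules[name] = {}
            current = modules[name]
            continue
        if "=" in line:
            key, _, value = line.partition("=")
            current[" ".join(key.split()).lower()] = value.strip()
    return globals_, modules


def _is_false(value: str) -> bool:
    return value.strip().lower() in ("no", "false", "0")


def chroot_disabled_modules(conf_text: str) -> List[str]:
    """Modules whose effective 'use chroot' is off: per the advisory, these
    lose the mitigation that chroot provides."""
    globals_, modules = parse_rsyncd_conf(conf_text)
    default = globals_.get("use chroot", "yes")
    return [
        name for name, params in modules.items()
        if _is_false(params.get("use chroot", default))
    ]


def assess(version_output: str, conf_text: str) -> Dict[str, object]:
    """Combine both checks into one report for a daemon-mode host."""
    vulnerable = is_vulnerable_version(version_output)
    no_chroot = chroot_disabled_modules(conf_text)
    actions = []
    if vulnerable:
        actions.append("update rsync to 2.5.7 or later")
    if no_chroot:
        actions.append("restore 'use chroot = yes' on: " + ", ".join(no_chroot))
    return {
        "version": ".".join(map(str, parse_version(version_output))),
        "vulnerable_version": vulnerable,
        "chroot_disabled_modules": no_chroot,
        "actions": actions,
    }


if __name__ == "__main__":
    # Replace the constructed samples with the real `rsync --version` output
    # and the contents of /etc/rsyncd.conf on the host being checked.
    print(assess(SAMPLE_VERSION_OUTPUT, SAMPLE_RSYNCD_CONF))
```

The version check alone is the authoritative one: a host that is not running rsync in daemon mode is not exposed, and a chroot-enabled module is still running vulnerable code, so the chroot finding is reported as a reason to prioritise rather than as the vulnerability itself.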

Copyright 2012, SecurityGlobal.net LLC