Rsync Bugs Let Users Bypass Chroot and Exclude/Filter Access Controls
|
|
SecurityTracker Alert ID: 1019012 |
|
SecurityTracker URL: http://securitytracker.com/id/1019012
|
|
CVE Reference:
CVE-2007-6199, CVE-2007-6200
(Links to External Site)
|
Updated: Dec 7 2007
|
Original Entry Date: Nov 29 2007
|
Impact:
Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 3.0.0pre6
|
Description:
Two vulnerabilities were reported in Rsync. A remote user can bypass access controls to access files on the target system.
Users that have configured rsync as a writable rsync daemon are affected.
If the daemon is configured with the 'use chroot = no' setting, a remote user can cause rsync to create a symbolic link to a file located outside of the module's hierarchy.
If the daemon is configured with an "exclude", "exclude from", or "filter" option, a remote user can access restricted files. The remote user may be able to write to the file (in accordance with the file's permission).
|
Impact:
A remote user can bypass access controls to access files on the target system.
|
Solution:
The vendor has issued a fixed version (3.0.0pre6).
Also, a patch is available for version 2.6.9.
The Rsync advisory is available at:
http://rsync.samba.org/security.html
|
Vendor URL: rsync.samba.org/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Thu, 29 Nov 2007 01:33:12 -0500
Subject: rsync
|
http://rsync.samba.org/security.html
|
|
