(Apple Issues Fix) Rsync Bugs Let Users Bypass Chroot and Exclude/Filter Access Controls
|
|
SecurityTracker Alert ID: 1020595 |
|
SecurityTracker URL: http://securitytracker.com/id/1020595
|
|
CVE Reference:
CVE-2007-6199, CVE-2007-6200
(Links to External Site)
|
Date: Aug 1 2008
|
Impact:
Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 3.0.0pre6
|
Description:
Two vulnerabilities were reported in Rsync. A remote user can bypass access controls to access files on the target system.
Users that have configured rsync as a writable rsync daemon are affected.
If the daemon is configured with the 'use chroot = no' setting, a remote user can cause rsync to create a symbolic link to a file located outside of the module's hierarchy.
If the daemon is configured with an "exclude", "exclude from", or "filter" option, a remote user can access restricted files. The remote user may be able to write to the file (in accordance with the file's permission).
|
Impact:
A remote user can bypass access controls to access files on the target system.
|
Solution:
Apple has issued a fix (Security Update 2008-005), which can be downloaded and installed via Software Update preferences, or from Apple Downloads at:
http://www.apple.com/support/downloads/
The Apple advisory is available at:
http://support.apple.com/kb/HT2647
|
Vendor URL: rsync.samba.org/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
UNIX (OS X)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
