
tinysofa alert TSSA-2004-020-ES (rsync)

From:  tinysofa Security Team <security@tinysofa.org>
To:  bugtraq@securityfocus.com
Subject:  TSSA-2004-020-ES - rsync
Date:  Tue, 17 Aug 2004 01:31:47 +1000

===========================================================================
Security Advisory #2004-020

Package Name:       rsync
Summary:            Exposure of System Information
Advisory ID:        TSSA-2004-020-ES
Date:               2004-08-16
Affected Products:  tinysofa enterprise server 2.0
===========================================================================

Description
-----------

rsync [0] is a program for synchronizing files over a network.

A vulnerability [1] has been reported in rsync, which potentially can be
exploited by malicious users to read or write arbitrary files on a
vulnerable system.

The vulnerability is caused due to an input validation error within the
"sanitize_path()" function of the "util.c" file.

Successful exploitation requires that the rsync daemon isn't running
chrooted.

The vulnerability affects version 2.6.2 and prior.

Resolution
----------

The rsync package has been updated to address this vulnerability.

References
----------

[0] http://samba.org/rsync/
[1] http://samba.org/rsync/#security_aug04

Recommended Action
==================

We recommend that all systems with these packages installed be upgraded.

Location
========

All tinysofa updates are available from
<URI:http://http.tinysofa.org/pub/tinysofa/updates/>
<URI:ftp://ftp.tinysofa.org/pub/tinysofa/updates/>

Automatic Updates
=================

Users of the APT tool can enjoy having updates automatically installed
using 'apt-get upgrade'.

Questions?
==========

Check out our mailing lists:
<URI:http://www.tinysofa.org/communicate/>

Verification
============

This advisory is signed with the tinysofa security sign key.
This key is available from:
<URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA...>

All tinysofa packages are signed with the tinysofa stable sign key.
This key is available from:
<URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0...>

The advisory is available from the tinysofa errata database at
<URI:http://www.tinysofa.org/support/errata/>
or directly at
<URI:http://www.tinysofa.org/support/errata/2004/020.html>

Updated Packages
================

SRPMS
-----
606db14378c661b0b5ce1bbb3cd87d52  rsync-2.6.2-2ts.src.rpm

i386
----
7d8ea97c366ae496d266b168c9c172ca  rsync-2.6.2-2ts.i386.rpm

--
tinysofa Security Team <security at tinysofa dot org>
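
Added example, not part of the tinysofa advisory: since the advisory states that exploitation requires a daemon that is not running chrooted, this Python sketch lists the rsyncd.conf modules whose effective "use chroot" setting is off, so those hosts can be prioritised for the update. The sample configuration is constructed, and the parser assumes simple "name = value" lines without continuations.

```python
# Added example: list rsync daemon modules that do not run chrooted.
# Assumes rsyncd.conf rules: parameters before the first [module] act as
# defaults, whitespace/case in parameter names is ignored, and
# "use chroot" defaults to yes. Line continuations are not handled.

TRUE_VALUES = {"yes", "true", "1"}

def unchrooted_modules(conf_text):
    """Return sorted module names whose effective 'use chroot' is off."""
    default_chroot = True   # daemon default when the parameter is never set
    modules = {}            # module name -> effective "use chroot" value
    current = None          # None while still in the global section
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            modules[current] = default_chroot   # inherit the global default
            continue
        name, sep, value = line.partition("=")
        key = "".join(name.split()).lower()     # "Use  Chroot" -> "usechroot"
        if not sep or key != "usechroot":
            continue
        enabled = value.strip().lower() in TRUE_VALUES
        if current is None:
            default_chroot = enabled            # global default for later modules
        else:
            modules[current] = enabled          # per-module override
    return sorted(m for m, chrooted in modules.items() if not chrooted)

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """\
use chroot = no

[pub]
path = /srv/pub
use chroot = yes

[backup]
path = /srv/backup

[mirror]
path = /srv/mirror
Use  Chroot = false
"""

if __name__ == "__main__":
    for module in unchrooted_modules(SAMPLE_CONF):
        print("module not chrooted:", module)
```
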



