Network Security Bugtraq

TSSA-2004-020-ES - rsync

Subject: TSSA-2004-020-ES - rsync
Date: Tue, 17 Aug 2004 01:31:47 +1000
 ===========================================================================
                                             _     
                         |_ .  _      _  _  (_  _  
                         |_ | | ) \/ _) (_) |  (_| 
                                  /                


                       Security Advisory  #2004-020

 Package Name:      rsync
 Summary:           Exposure of System Information
 Advisory ID:       TSSA-2004-020-ES
 Date:              2004-08-16
 Affected Products: tinysofa enterprise server 2.0

 ===========================================================================

 Description
 -----------

    rsync [0] is a program for synchronizing files over a network.

    A vulnerability [1] has been reported in rsync, which potentially can be 
    exploited by malicious users to read or write arbitrary files on a 
    vulnerable system.

    The vulnerability is caused by an input validation error in the 
    "sanitize_path()" function in "util.c".

    Successful exploitation requires that the rsync daemon isn't running 
    chrooted.

    The vulnerability affects version 2.6.2 and prior.    
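The advisory's mitigating condition is that the daemon runs chrooted, which is rsyncd.conf's "use chroot" parameter (default yes, settable globally and per module). The audit helper below is an added example written for this page, not a tinysofa or rsync tool: it parses a constructed rsyncd.conf (the sample text, module names and paths are invented) and reports every module whose effective "use chroot" is disabled, i.e. the modules for which rsync's own path sanitization is the only boundary. Accepting yes/no/true/false/1/0 as boolean spellings is an assumption about rsync's config parser.

```python
"""Flag rsyncd modules that run without chroot (added audit helper, not from the advisory).

rsyncd.conf is ini-like: global parameters appear before the first [module]
header and a module may override them. "use chroot" defaults to yes; a module
that sets it to no relies on sanitize_path() alone, the code the advisory
describes as flawed in 2.6.2 and earlier.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample configuration; not taken from any real host.
SAMPLE_CONF = """\
# global settings
uid = nobody
gid = nobody
use chroot = yes

[public]
    path = /srv/rsync/public
    comment = mirrors

[scratch]
    path = /srv/rsync/scratch
    use chroot = no
    read only = false

[legacy]
    path = /home/ftp
    use chroot = false
"""

_SECTION = re.compile(r"^\s*\[(?P<name>[^\]]+)\]\s*$")
_PARAM = re.compile(r"^\s*(?P<key>[^=#;]+?)\s*=\s*(?P<value>.*?)\s*$")
# Assumed boolean spellings rsync accepts for "no".
_FALSE = {"no", "false", "0"}


def parse_rsyncd_conf(text: str) -> Tuple[Dict[str, str], Dict[str, Dict[str, str]]]:
    """Return (global_params, {module_name: params}); keys are lowercased."""
    globals_: Dict[str, str] = {}
    modules: Dict[str, Dict[str, str]] = {}
    current = globals_  # parameters before the first [section] are global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank or comment line
        m = _SECTION.match(line)
        if m:
            current = modules.setdefault(m.group("name").strip(), {})
            continue
        m = _PARAM.match(line)
        if m:
            current[m.group("key").lower()] = m.group("value")
    return globals_, modules


def modules_without_chroot(text: str) -> List[str]:
    """Names of modules whose effective 'use chroot' setting is disabled."""
    globals_, modules = parse_rsyncd_conf(text)
    default = globals_.get("use chroot", "yes")  # rsync's built-in default is yes
    findings = []
    for name, params in modules.items():
        effective = params.get("use chroot", default)  # module overrides global
        if effective.strip().lower() in _FALSE:
            findings.append(name)
    return findings


if __name__ == "__main__":
    for name in modules_without_chroot(SAMPLE_CONF):
        print(f"module [{name}] runs without chroot; path sanitization is its only boundary")
```

Run it against the real file with `modules_without_chroot(open("/etc/rsyncd.conf").read())`; any module it reports should either be switched back to `use chroot = yes` or be on a host that already carries the updated package.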

 Resolution
 ----------

    The rsync package has been updated to address this vulnerability.

 References
 ----------
   
    [0] http://samba.org/rsync/
    [1] http://samba.org/rsync/#security_aug04
 

 Recommended Action
 ==================

  We recommend that all systems with these packages installed be upgraded.


 Location
 ========

  All tinysofa updates are available from
  <URI:http://http.tinysofa.org/pub/tinysofa/updates/>
  <URI:ftp://ftp.tinysofa.org/pub/tinysofa/updates/>


 Automatic Updates
 =================

  Users of the APT tool can enjoy having updates automatically
  installed using 'apt-get upgrade'.


 Questions?
 ==========

  Check out our mailing lists:
  <URI:http://www.tinysofa.org/communicate/>


 Verification
 ============

  This advisory is signed with the tinysofa security sign key.
  This key is available from:
  <URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAEDCBB4B>

  All tinysofa packages are signed with the tinysofa stable sign key.
  This key is available from:
  <URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0F1240A2>

  The advisory is available from the tinysofa errata database at
  <URI:http://www.tinysofa.org/support/errata/>
  or directly at
  <URI:http://www.tinysofa.org/support/errata/2004/020.html>


 Updated Packages
 ================

  SRPMS
  -----

  606db14378c661b0b5ce1bbb3cd87d52  rsync-2.6.2-2ts.src.rpm

  i386
  ----

  7d8ea97c366ae496d266b168c9c172ca  rsync-2.6.2-2ts.i386.rpm
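The package list above pairs each file with an MD5 sum in the usual `md5sum` layout. The helper below is an added example for this page, not a tinysofa tool: it parses a sum list in that layout and reports each listed file as ok, mismatch or missing. The file names and digests it uses are constructed for the demonstration, not the advisory's real values. MD5 is what the advisory publishes, so MD5 is what this checks; it catches truncated or corrupted downloads, while authenticity rests on the package and advisory PGP signatures described in the Verification section.

```python
"""Check downloaded packages against an advisory's MD5 list (added example, not a tinysofa tool)."""
import hashlib
import os
import tempfile
from typing import Dict


def md5_of_file(path: str) -> str:
    """Stream a file through MD5 so large RPMs are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sum_list(text: str) -> Dict[str, str]:
    """Parse '<32 hex chars>  <filename>' lines, the layout used under Updated Packages."""
    expected: Dict[str, str] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 32:
            expected[parts[1]] = parts[0].lower()
    return expected


def verify_packages(sum_text: str, directory: str) -> Dict[str, str]:
    """Return {filename: 'ok' | 'mismatch' | 'missing'} for every file in the list."""
    results: Dict[str, str] = {}
    for name, digest in parse_sum_list(sum_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif md5_of_file(path) == digest:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


# Constructed sum list: the digest for good.rpm is MD5("abc"), the digest for
# bad.rpm is deliberately wrong, and absent.rpm is never written to disk.
SAMPLE_SUMS = """\
900150983cd24fb0d6963f7d28e17f72  good.rpm
00000000000000000000000000000000  bad.rpm
900150983cd24fb0d6963f7d28e17f72  absent.rpm
"""


def demo_run() -> Dict[str, str]:
    """Build a throwaway download directory with constructed files and verify it."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "good.rpm"), "wb") as f:
            f.write(b"abc")
        with open(os.path.join(d, "bad.rpm"), "wb") as f:
            f.write(b"xyz")
        return verify_packages(SAMPLE_SUMS, d)


if __name__ == "__main__":
    for name, status in demo_run().items():
        print(f"{status:9s} {name}")
```

In practice the sum list is pasted from the advisory (after its PGP signature has been checked) and `directory` is wherever the RPMs were downloaded; install only files that report ok.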


 --
 tinysofa Security Team <security at tinysofa dot org>

Attachment: pgpav7MKOH1Qa.pgp
Description: PGP signature
