SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Rsync
Vendors:   [Multiple Authors/Vendors]
(Caldera Issues Fix) Rsync Remote File Synchronization Utility Lets Remote Users Execute Arbitrary Code on the Server
SecurityTracker Alert ID:  1003490
SecurityTracker URL:  http://securitytracker.com/id/1003490
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Feb 9 2002
Impact:   Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   SuSE reported a vulnerability in the 'rsync' file synchronization application. A remote user may be able to execute arbitrary code on the server.

It is reported that there are several cases where the signedness of variables is not checked. A remote user could exploit this to write NULL bytes to nearly any stack location and thereby cause arbitrary code to be executed on the server.

Impact:   A remote user can execute arbitrary code on the server. The code will run with the privileges of the server (which depend on how the server is configured).
Solution:   The vendor has released a fix.

For OpenLinux 2.3:

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/SRPMS

The verification checksums are:

5f24a0ddccec6d227bda592e770770c5 RPMS/rsync-2.5.0-2.i386.rpm
53d246410dd62b6db36c1ff682193331 SRPMS/rsync-2.5.0-2.src.rpm

Upgrade the affected packages with the following commands:

rpm -Fvh rsync-2.5.0-2.i386.rpm


For OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0:

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS

The verification checksums are:

f1679a658eee7afc5cc5e223a0f019b4 RPMS/rsync-2.5.0-2.i386.rpm
53d246410dd62b6db36c1ff682193331 SRPMS/rsync-2.5.0-2.src.rpm

Upgrade the affected packages with the following commands:

rpm -Fvh rsync-2.5.0-2.i386.rpm


For OpenLinux eDesktop 2.4:

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/SRPMS

The verification checksums are:

319f52b332937a9ec9b6b3a84a1a2818 RPMS/rsync-2.5.0-2.i386.rpm
53d246410dd62b6db36c1ff682193331 SRPMS/rsync-2.5.0-2.src.rpm

Upgrade the affected packages with the following commands:

rpm -Fvh rsync-2.5.0-2.i386.rpm


For OpenLinux 3.1 Server:

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

The verification checksums are:

6edac1d41d34f694ff64a9b363f76be0 RPMS/rsync-2.5.0-2.i386.rpm
53d246410dd62b6db36c1ff682193331 SRPMS/rsync-2.5.0-2.src.rpm

Upgrade the affected packages with the following commands:

rpm -Fvh rsync-2.5.0-2.i386.rpm


For OpenLinux 3.1 Workstation:

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

The verification checksums are:

6edac1d41d34f694ff64a9b363f76be0 RPMS/rsync-2.5.0-2.i386.rpm
53d246410dd62b6db36c1ff682193331 SRPMS/rsync-2.5.0-2.src.rpm

Upgrade the affected packages with the following commands:

rpm -Fvh rsync-2.5.0-2.i386.rpm


For OpenLinux 3.1 IA64:

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/IA64/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/IA64/current/SRPMS

The verification checksums are:

35254e165135c1e1d08816432a04f132 RPMS/rsync-2.5.0-2.ia64.rpm
53d246410dd62b6db36c1ff682193331 SRPMS/rsync-2.5.0-2.src.rpm

Upgrade the affected packages with the following commands:

rpm -Fvh rsync-2.5.0-2.ia64.rpm


For OpenLinux 3.1.1 Server:

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

The verification checksums are:

bc2612d7b204fbeef936e24ec8afe0b6 RPMS/rsync-2.5.0-2.i386.rpm
53d246410dd62b6db36c1ff682193331 SRPMS/rsync-2.5.0-2.src.rpm

Upgrade the affected packages with the following commands:

rpm -Fvh rsync-2.5.0-2.i386.rpm


For OpenLinux 3.1.1 Workstation:

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

The verification checksums are:

bc2612d7b204fbeef936e24ec8afe0b6 RPMS/rsync-2.5.0-2.i386.rpm
53d246410dd62b6db36c1ff682193331 SRPMS/rsync-2.5.0-2.src.rpm

Upgrade the affected packages with the following commands:

rpm -Fvh rsync-2.5.0-2.i386.rpm
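The procedure above is the same for every release: fetch the package, compare it against the published MD5 checksum, then run `rpm -Fvh`. The following is an added example (not Caldera's or SecurityTracker's own tooling) that ties those steps together so the package is never handed to rpm unless its checksum matches; the checksum values are the advisory's figures for OpenLinux 3.1 Server, and the `md5sum`/`openssl` fallback and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not Caldera's or SecurityTracker's tooling): verify a downloaded
# rsync update package against the MD5 checksum published in the advisory
# before passing it to "rpm -Fvh". The checksums below are the advisory's
# values for OpenLinux 3.1 Server; the helper functions are assumptions.

# Published checksums (advisory section 7.2, OpenLinux 3.1 Server)
EXPECTED_RPM_MD5=6edac1d41d34f694ff64a9b363f76be0
EXPECTED_SRPM_MD5=53d246410dd62b6db36c1ff682193331

# md5_of FILE: print the hex MD5 digest of FILE, using md5sum where available
# and falling back to openssl on systems without GNU coreutils.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        openssl dgst -md5 "$1" | sed 's/.*= //'
    fi
}

# verify_md5 FILE EXPECTED: status 0 when the file's digest equals the
# published value (compared case-insensitively), 1 otherwise.
verify_md5() {
    actual=$(md5_of "$1" | tr 'A-Z' 'a-z')
    expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# safe_upgrade FILE EXPECTED: only invoke rpm when the checksum checks out,
# so a corrupted or substituted download is never installed.
safe_upgrade() {
    if verify_md5 "$1" "$2"; then
        echo "checksum OK: $1"
        rpm -Fvh "$1"
    else
        echo "checksum MISMATCH for $1; refusing to install" >&2
        return 1
    fi
}

# Usage (assumes the packages were fetched into the current directory):
#   safe_upgrade RPMS/rsync-2.5.0-2.i386.rpm "$EXPECTED_RPM_MD5"
```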

Vendor URL:  rsync.samba.org/rsync/
Cause:   Boundary error, State error
Underlying OS:  Linux (Caldera/SCO)
Underlying OS Comments:  SuSE 6.4, 7.0, 7.1, 7.2, 7.3; other operating systems may also be affected

Message History:   This archive entry is a follow-up to the message listed below.
Jan 25 2002 Rsync Remote File Synchronization Utility Lets Remote Users Execute Arbitrary Code on the Server



 Source Message Contents

Subject:  Security Update [CSSA-2002-003.0] Linux - Remote attack on rsync


______________________________________________________________________________
		   Caldera International, Inc.  Security Advisory

Subject:		Linux - Remote attack on rsync
Advisory number: 	CSSA-2002-003.0
Issue date: 		2002, January 24
Cross reference:
______________________________________________________________________________


1. Problem Description

   Sebastian Krahmer of SuSE discovered a vulnerability in rsync that
   allows an attacker to modify memory of the rsync server process. There
   is no known exploit yet, but this vulnerability could be used against
   servers providing downloads via anonymous rsync. Note that the problem
   can also be exploited by a rogue server, attacking a client who uses
   rsync.


2. Vulnerable Versions

   System                                   Package
   --------------------------------------------------------------------
   OpenLinux 2.3                            All packages previous to rsync-2.5.0-2
   OpenLinux eServer 2.3.1
   and OpenLinux eBuilder                   All packages previous to rsync-2.5.0-2
   OpenLinux eDesktop 2.4                   All packages previous to rsync-2.5.0-2
   OpenLinux Server 3.1                     All packages previous to rsync-2.5.0-2
   OpenLinux Workstation 3.1                All packages previous to rsync-2.5.0-2
   OpenLinux 3.1 IA64                       All packages previous to rsync-2.5.0-2
   OpenLinux Server 3.1.1                   All packages previous to rsync-2.5.0-2
   OpenLinux Workstation 3.1.1              All packages previous to rsync-2.5.0-2


3. Solution

   Workaround

     none

   The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

    4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

       5f24a0ddccec6d227bda592e770770c5  RPMS/rsync-2.5.0-2.i386.rpm
       53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm
       

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh rsync-2.5.0-2.i386.rpm
         

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

    5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

       f1679a658eee7afc5cc5e223a0f019b4  RPMS/rsync-2.5.0-2.i386.rpm
       53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm
       

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh rsync-2.5.0-2.i386.rpm
         

6. OpenLinux eDesktop 2.4

    6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

       319f52b332937a9ec9b6b3a84a1a2818  RPMS/rsync-2.5.0-2.i386.rpm
       53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm
       

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh rsync-2.5.0-2.i386.rpm
         

7. OpenLinux 3.1 Server

    7.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

   7.2 Verification

       6edac1d41d34f694ff64a9b363f76be0  RPMS/rsync-2.5.0-2.i386.rpm
       53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm
       

   7.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh rsync-2.5.0-2.i386.rpm
         

8. OpenLinux 3.1 Workstation

    8.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

   8.2 Verification

       6edac1d41d34f694ff64a9b363f76be0  RPMS/rsync-2.5.0-2.i386.rpm
       53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm
       

   8.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh rsync-2.5.0-2.i386.rpm
         

9. OpenLinux 3.1 IA64

    9.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/IA64/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/IA64/current/SRPMS

   9.2 Verification

       35254e165135c1e1d08816432a04f132  RPMS/rsync-2.5.0-2.ia64.rpm
       53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm
       

   9.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh rsync-2.5.0-2.ia64.rpm
         

10. OpenLinux 3.1.1 Server

    10.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

   10.2 Verification

       bc2612d7b204fbeef936e24ec8afe0b6  RPMS/rsync-2.5.0-2.i386.rpm
       53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm
       

   10.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh rsync-2.5.0-2.i386.rpm
         

11. OpenLinux 3.1.1 Workstation

    11.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

   11.2 Verification

       bc2612d7b204fbeef936e24ec8afe0b6  RPMS/rsync-2.5.0-2.i386.rpm
       53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm
       

   11.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh rsync-2.5.0-2.i386.rpm
         


12. References

   This and other Caldera security resources are located at:

   http://www.caldera.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 11350.


13. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of
   any of the information we provide on this website and/or through our
   security advisories. Our advisories are a service to our customers
   intended to promote secure installation and use of Caldera OpenLinux.

14. Acknowledgements

   Caldera International wishes to thank Sebastian Krahmer of SuSE for his
   thorough security review, and for sharing his finding.
______________________________________________________________________________

Copyright 2020, SecurityGlobal.net LLC