SecurityTracker.com
SecurityTracker
Archives


Category:   Application (Generic)  >   Rsync
Vendors:   rsync.samba.org
(OpenBSD Issues Fix) Rsync Heap Overflow in Daemon Mode Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1008392
SecurityTracker URL:  http://securitytracker.com/id/1008392
CVE Reference:   CVE-2003-0962
Date:  Dec 5 2003
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.5.6 and prior versions
Description:   A vulnerability was reported in rsync. A remote user can execute arbitrary code on the target system.

It is reported that a remote user can connect to a target server running rsync on TCP port 873 and send specially crafted data to execute arbitrary code. The code will run with the privileges of the rsync daemon.

Only systems that are running rsync in daemon mode are reportedly affected.

Impact:   A remote user can execute arbitrary code with the privileges of the rsync daemon.
Solution:   OpenBSD has released a fix for the 3.3 and 3.4 -stable branches and a new binary package has been built for OpenBSD 3.4/i386, available at:

ftp://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386/rsync-2.5.7.tgz

Vendor URL:  rsync.samba.org/
Cause:   Boundary error
Underlying OS:  UNIX (OpenBSD)
Underlying OS Comments:  3.3, 3.4

Message History:   This archive entry is a follow-up to the message listed below.
Dec 4 2003 Rsync Heap Overflow in Daemon Mode Lets Remote Users Execute Arbitrary Code



Source Message Contents

Subject:  security hole in rsync 2.5.6 and below


A heap overflow exists in rsync versions 2.5.6 and below that can
be used by an attacker to run arbitrary code.  The bug only affects
rsync in server (daemon) mode and occurs *after* rsync has dropped
privileges.  By default, the server will chroot(2) to the root of the
file tree being served which significantly mitigates the impact of
the bug.  Installations that disable this behavior by placing "use
chroot = no" in rsyncd.conf are vulnerable to attack.

Sites that do run rsync in server mode should update their rsync
package as soon as possible.  The rsync port has been updated in
the 3.3 and 3.4 -stable branches and a new binary package has been
built for OpenBSD 3.4/i386.  It can be downloaded from:

    ftp://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386/rsync-2.5.7.tgz

For more information on the bug, see:

    http://rsync.samba.org/

For more information on packages errata, see:

    http://www.openbsd.org/pkg-stable.html
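The advisory above singles out installations that set "use chroot = no" in rsyncd.conf as the ones where the post-privilege-drop overflow is not contained. The following added example (not part of the advisory, of OpenBSD, or of the rsync project) parses an rsyncd.conf and lists the modules whose effective "use chroot" setting is off; the sample configuration is constructed, and the inheritance of global parameters by modules follows the rsyncd.conf format.

```python
import re

# Constructed sample rsyncd.conf, not taken from a real host. Global parameters
# precede the first [module] section and apply to modules that don't override them.
SAMPLE_CONF = """\
# daemon-wide defaults
uid = nobody
use chroot = no
[pub]
    path = /srv/pub
[backups]
    path = /srv/backups
    use chroot = yes
[scratch]
    path = /srv/scratch
    use chroot = false
"""

_SECTION = re.compile(r"^\[(.+)\]$")
_FALSE = {"no", "false", "0"}  # boolean spellings rsyncd.conf accepts for "off"


def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}) with lowercased parameter names."""
    global_params, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        # rsync ignores blank lines and lines beginning with '#' or ';'
        if not line or line[0] in "#;":
            continue
        m = _SECTION.match(line)
        if m:
            current = m.group(1).strip()
            modules[current] = {}
            continue
        if "=" not in line:
            continue  # tolerate a malformed line rather than abort the audit
        key, value = (s.strip() for s in line.split("=", 1))
        (global_params if current is None else modules[current])[key.lower()] = value
    return global_params, modules


def modules_without_chroot(text):
    """Modules whose effective 'use chroot' is off (rsync's default is yes)."""
    global_params, modules = parse_rsyncd_conf(text)
    exposed = []
    for name, params in modules.items():
        # a module-level value overrides the global one, which overrides the default
        value = params.get("use chroot", global_params.get("use chroot", "yes"))
        if value.strip().lower() in _FALSE:
            exposed.append(name)
    return exposed
```

Running modules_without_chroot(SAMPLE_CONF) reports the [pub] module (which inherits the global "no") and [scratch], while [backups] keeps the chroot mitigation.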



Copyright 2021, SecurityGlobal.net LLC