rsyncd vulnerabilities
1/28/02
CAN 2002-0048
Impact
This vulnerability could be exploited by a remote attacker to
execute arbitrary commands with root privileges.
Background
rsync is a Unix protocol for synchronizing files across a network. By using
an algorithm which transmits only the differences between remote files
instead of the files themselves, rsync is able to synchronize files much
more efficiently than other protocols.
The Problem
Due to the inappropriate use of user-supplied signed integers as an array
index, it is possible for a remote attacker to write null bytes to
arbitrary memory locations. This condition could be exploited
by a remote attacker, leading to corruption of the stack and
possible execution of arbitrary code.
Versions of rsync prior to 2.5.2 are affected by this vulnerability, unless
a fixed release has already been installed.
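The class of bug described above, shown as an added example that is not rsync's code and not part of the original advisory: a signed value read from the peer passes an upper-bound-only check, while the hardened store rejects negatives before indexing. All names (read_wire_int, weak_check_accepts, store_nul_checked, BUF_LEN) and the wire bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 64  /* constructed size, not taken from rsync */

/* Decode a 32-bit little-endian value from the wire as a SIGNED int,
 * so the bytes F0 FF FF FF sent by a peer read back as -16. */
static int32_t read_wire_int(const unsigned char b[4])
{
    uint32_t u = (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
                 ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
    int32_t v;
    memcpy(&v, &u, sizeof v);   /* reinterpret the bits without a cast */
    return v;
}

/* Flawed validation: only the upper bound is tested, so every negative
 * index is accepted and a later buf[idx] = 0 would land outside buf. */
static int weak_check_accepts(int32_t idx)
{
    return idx < BUF_LEN;
}

/* Hardened store: test both bounds before the value is used as an
 * index. Returns 0 on success, -1 if the index is rejected. */
static int store_nul_checked(char *buf, size_t len, int32_t idx)
{
    if (idx < 0 || (size_t)idx >= len)
        return -1;
    buf[idx] = '\0';
    return 0;
}

int main(void)
{
    static const unsigned char hostile[4] = {0xF0, 0xFF, 0xFF, 0xFF};
    char buf[BUF_LEN];
    memset(buf, 'A', sizeof buf);
    int32_t idx = read_wire_int(hostile);       /* constructed input */
    printf("decoded index: %d\n", (int)idx);
    printf("weak check accepts: %d\n", weak_check_accepts(idx));
    printf("hardened store: %d\n", store_nul_checked(buf, sizeof buf, idx));
    return 0;
}
```

The weak check is never followed by an actual write here; the program only reports that the negative index would have been accepted.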
Resolution
Upgrade to rsync 2.5.2 or higher, or install a fixed release from your
vendor. Vendor fixes are available for SuSE, EnGarde, Conectiva, Red Hat,
Debian, and Trustix.
Where can I read more about this?
This vulnerability was first announced in SuSE Security Announcement
2002:004.