Lucene search

K
redhatRedHatRHSA-2011:0999
HistoryJul 21, 2011 - 12:00 a.m.

(RHSA-2011:0999) Moderate: rsync security, bug fix, and enhancement update

2011-07-2100:00:00
access.redhat.com
21

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

86.5%

rsync is a program for synchronizing files over a network.

A flaw was found in the way the rsync daemon handled the “filter”,
“exclude”, and “exclude from” options, used for hiding files and preventing
access to them from rsync clients. A remote attacker could use this flaw to
bypass those restrictions by using certain command line options and
symbolic links, allowing the attacker to overwrite those files if they knew
their file names and had write access to them. (CVE-2007-6200)

Note: This issue only affected users running rsync as a writable daemon:
“read only” set to “false” in the rsync configuration file (for example,
“/etc/rsyncd.conf”). By default, this option is set to “true”.

This update also fixes the following bugs:

  • The rsync package has been upgraded to upstream version 3.0.6, which
    provides a number of bug fixes and enhancements over the previous version.
    (BZ#339971)

  • When running an rsync daemon that was receiving files, a deferred info,
    error or log message could have been sent directly to the sender instead of
    being handled by the “rwrite()” function in the generator. Also, under
    certain circumstances, a deferred info or error message from the receiver
    could have bypassed the log file and could have been sent only to the
    client process. As a result, an “unexpected tag 3” fatal error could have
    been displayed. These problems have been fixed in this update so that an
    rsync daemon receiving files now works as expected. (BZ#471182)

  • Prior to this update, the rsync daemon called a number of timezone-using
    functions after doing a chroot. As a result, certain C libraries were
    unable to generate proper timestamps from inside a chrooted daemon. This
    bug has been fixed in this update so that the rsync daemon now calls the
    respective timezone-using functions prior to doing a chroot, and proper
    timestamps are now generated as expected. (BZ#575022)

  • When running rsync under a non-root user with the “-A” (“–acls”) option
    and without using the “–numeric-ids” option, if there was an Access
    Control List (ACL) that included a group entry for a group that the
    respective user was not a member of on the receiving side, the
    “acl_set_file()” function returned an invalid argument value (“EINVAL”).
    This was caused by rsync mistakenly mapping the group name to the Group ID
    “GID_NONE” (“-1”), which failed. The bug has been fixed in this update so
    that no invalid argument is returned and rsync works as expected.
    (BZ#616093)

  • When creating a sparse file that was zero blocks long, the “rsync
    –sparse” command did not properly truncate the sparse file at the end of
    the copy transaction. As a result, the file size was bigger than expected.
    This bug has been fixed in this update by properly truncating the file so
    that rsync now copies such files as expected. (BZ#530866)

  • Under certain circumstances, when using rsync in daemon mode, rsync
    generator instances could have entered an infinitive loop, trying to write
    an error message for the receiver to an invalid socket. This problem has
    been fixed in this update by adding a new sibling message: when the
    receiver is reporting a socket-read error, the generator will notice this
    fact and avoid writing an error message down the socket, allowing it to
    close down gracefully when the pipe from the receiver closes. (BZ#690148)

  • Prior to this update, there were missing deallocations found in the
    “start_client()” function. This bug has been fixed in this update and no
    longer occurs. (BZ#700450)

All users of rsync are advised to upgrade to this updated package, which
resolves these issues and adds enhancements.

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

86.5%

Related for RHSA-2011:0999