SUSE-SA:2004:026: rsync

The remote host is missing the patch for the advisory SUSE-SA:2004:026 rsync. The rsync-team released an advisory about a security problem in rsync. If rsync is running in daemon-mode and without a chroot environment it is possible for a remote attacker to trick rsyncd into creating an absolute...

Mandrake Linux Security Advisory : rsync (MDKSA-2002:009)

Sebastian Krahmer of the SuSE Security Team performed an audit on the rsync tool and discovered that in several places signed and unsigned numbers were mixed, with the end result being insecure code. These flaws could be abused by remote users to write 0 bytes into rsync's memory and trick rsync...

SuSE-SA:2004:019: dhcp/dhcp-server

The remote host is missing the patch for the advisory SuSE-SA:2004:019 dhcp/dhcp-server. The Dynamic Host Configuration Protocol DHCP server is used to configure clients that dynamically connect to a network WLAN hotspots, customer networks, .... The CERT informed us about a buffer overflow in th...

SuSE-SA:2003:050: rsync

The remote host is missing the patch for the advisory SuSE-SA:2003:050 rsync. The rsync suite provides client and server tools to easily support an administrator keeping the files of different machines in sync. In most private networks the rsync client tool is used via SSH to fulfill his tasks. I...

Fedora Core 1 : rsync-2.5.7-5.fc1 (2004-116)

Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot. This could allow a remote attacker to write files outside of the module's 'path', depending on the privileges assigned to the rsync daemon. Users not running an rsync daemon, running a...

rsync: Directory traversal in rsync daemon

Background rsync is a utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens to connections from rsync clients. Description When rsyncd is used...

CVE-2004-0426

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path...

CVE-2004-0609

CVE-2004-0609 affects the rssh project (versions 2.0 through 2.1.x), where command-line arguments are expanded before entering a chroot jail. This behavior lets remote authenticated users determine the existence of files in directories outside the jail (file-name disclosure). The root cause is ar...

CVE-2004-0609

Removed by vendor...

CVE-2004-0609

rssh 2.0 through 2.1.x expands command line arguments before entering a chroot jail, which allows remote authenticated users to determine the existence of files in a directory outside the jail...

Security flaw in rssh

rssh is a small shell whose purpose is to restrict users to using scp or sftp, and also provides the facilities to place users in a chroot jail. It can also be used to lock users out of a system completely. William F. McCaw identified a minor security flaw in rssh when used with chroot jails. The...

rssh -- file name disclosure bug

rssh expands command line paramters before invoking chroot. This could result in the disclosure to the client of file names outside of the chroot directory. A posting by the rssh author explains: The cause of the problem identified by Mr. McCaw is that rssh expanded command-line arguments prior t...

security flaw

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path...

rsync update

New rsync packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. When running an rsync server without the chroot option it is possible for an attacker to write outside of the allowed directory. Any sites running rsync in that mode should upgrade right away and...

DSA-499 rsync - directory traversal

Bulletin has no description...

Linux 2.4.24 with vserver 1.24 exploit

Hi securityfocus, a small exploit from me which brakes out of a vserver, also if secured with "chmod 000 /vservers". It is a modification of the known "chroot-again" exploit. It belongs to chroots but also to the vserver project. Tested with linux 2.4.24 and vserver 1.24. The bug was posted to th...

Linux VServer Project 1.2x - Chroot Breakout

/ source: https://www.securityfocus.com/bid/9596/info VServer is reported prone to a breakout vulnerability that allows a malicious user to escape from the context of the chrooted root directory of the virtual server. This issue is due to the VServer application failing to secure itself against a...

vserver_chroot.txt

Hi securityfocus, a small exploit from me which brakes out of a vserver, also if secured with "chmod 000 /vservers". It is a modification of the known "chroot-again" exploit. It belongs to chroots but also to the vserver project. Tested with linux 2.4.24 and vserver 1.24. The bug was posted to th...

Linux VServer Project 1.2x - Chroot Breakout

Linux VServer Project 1.2x - Chroot Breakout / source: https://www.securityfocus.com/bid/9596/info VServer is reported prone to a breakout vulnerability that allows a malicious user to escape from the context of the chrooted root directory of the virtual server. This issue is due to the VServer...

CVE-2004-1124

Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 allows local users to escape the chroot jail and conduct unauthorized activities...