90 matches found
[SECURITY] [DSA 538-1] New rsync packages fix unauthorised directory traversal and file access
-------------------------------------------------------------------------- Debian Security Advisory DSA 538-1 [email protected] http://www.debian.org/security/ Martin Schulze August 17th, 2004 http://www.debian.org/security/faq -...
Mandrake Linux Security Advisory : rsync (MDKSA-2002:009)
Sebastian Krahmer of the SuSE Security Team performed an audit on the rsync tool and discovered that in several places signed and unsigned numbers were mixed, with the end result being insecure code. These flaws could be abused by remote users to write 0 bytes into rsync's memory and trick rsync...
Mandrake Linux Security Advisory : rsync (MDKSA-2004:042)
Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, allows remote attackers to write files outside of the module's path. The updated packages provide a patched rsync to correct this problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Important: Red Hat Security Advisory: rsync security update
An updated rsync package that fixes a directory traversal security flaw is now available. Rsync is a program for synchronizing files over a network. Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot. This could allow a remote attacker to wri...
rsync security advisory
rsync 2.5.6 security advisory ----------------------------- December 4th 2003 Background ---------- The rsync team has received evidence that a vulnerability in rsync was recently used in combination with a Linux kernel vulnerability to compromise the security of a public rsync server. While the...
Critical: Red Hat Security Advisory: rsync security update
Updated rsync packages are now available that fix a heap overflow in the Rsync server. rsync is a program for sychronizing files over the network. A heap overflow bug exists in rsync versions prior to 2.5.7. On machines where the rsync server has been enabled, a remote attacker could use this fla...
[SECURITY] [DSA-106-2] updated rsync fix
Package : rsync Problem type : remote exploit Debian-specific: no In Debian Security Advisory DSA-106-1 we reported a exploitable problem in rsync. For details please see that advisory. Unfortunately the patch used to fix that problem broke rsync. This has been fixed in version 2.3.2-1.5 and we...
[SECURITY] New versions of rsync fixes security hole
This is an old report from May 1999 but it wasnt reported on this channel yet. The author of rsync, Andrew Tridgell, has reported that former versions of rsync contained a security-related bug. I you were transferring an empty directory into a non-existent directory on a remote host, permissions ...
[SECURITY] New versions of rsync fixes security hole
This is an old report from May 1999 but it wasnt reported on this channel yet. The author of rsync, Andrew Tridgell, has reported that former versions of rsync contained a security-related bug. I you were transferring an empty directory into a non-existent directory on a remote host, permissions ...
rsync.permissions.txt
Date: Wed, 7 Apr 1999 22:21:30 +1000 From: Andrew Tridgell To: [email protected] Subject: rsync 2.3.1 release - security fix I discovered a security hole in rsync yesterday and have released rsync 2.3.1 to fix it. The new version and patches against the last version are available at...