remote system compromise in rsync

2004-08-1614:49:13

lists.opensuse.org

0.006 Low

EPSS

Percentile

77.9%

JSON

The rsync-team released an advisory about a security problem in rsync. If rsync is running in daemon-mode and without a chroot environment it is possible for a remote attacker to trick rsyncd into creating an absolute pathname while sanitizing it. As a result it is possible to read/write from/to files outside the rsync directory.

Solution

As a temporary workaround we suggest to keep the chroot-option of rsyncd enabled or to avoid the daemon-mode and use SSH as transport channel if possible.

OSVersionArchitecturePackageVersionFilename
openSUSE9.0i586rsync< 2.6.2-26rsync-2.6.2-26.i586.rpm
openSUSE8.2i586rsync< 2.6.2-26rsync-2.6.2-26.i586.rpm
openSUSE9.1i586rsync< 2.6.2-8.9rsync-2.6.2-8.9.i586.rpm
openSUSE8.1i586rsync< 2.6.2-25rsync-2.6.2-25.i586.rpm
openSUSE9.1x86_64rsync< 2.6.2-8.9rsync-2.6.2-8.9.x86_64.rpm
openSUSE9.0x86_64rsync< 2.6.2-26rsync-2.6.2-26.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	9.0	i586	rsync	< 2.6.2-26	rsync-2.6.2-26.i586.rpm
openSUSE	8.2	i586	rsync	< 2.6.2-26	rsync-2.6.2-26.i586.rpm
openSUSE	9.1	i586	rsync	< 2.6.2-8.9	rsync-2.6.2-8.9.i586.rpm
openSUSE	8.1	i586	rsync	< 2.6.2-25	rsync-2.6.2-25.i586.rpm
openSUSE	9.1	x86_64	rsync	< 2.6.2-8.9	rsync-2.6.2-8.9.x86_64.rpm
openSUSE	9.0	x86_64	rsync	< 2.6.2-26	rsync-2.6.2-26.x86_64.rpm

0.006 Low

EPSS

Percentile

77.9%

JSON

Related for SUSE-SA:2004:026