LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 26th, 2014
Linux Security Week: September 22nd, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: rsync vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Sebastian Krahmer discovered that rsync could overflow when handling ACLs. An attacker could construct a malicious set of files that when processed by rsync could lead to arbitrary code execution or a crash.
=========================================================== 
Ubuntu Security Notice USN-600-1             April 11, 2008
rsync vulnerability
CVE-2008-1720
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
  rsync                           2.6.9-3ubuntu1.2

Ubuntu 7.10:
  rsync                           2.6.9-5ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Sebastian Krahmer discovered that rsync could overflow when handling ACLs.
An attacker could construct a malicious set of files that when processed
by rsync could lead to arbitrary code execution or a crash.


Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-3ubuntu1.2.diff.gz
      Size/MD5:    39403 9633c4376d4aa5d8e4c3da99405ca0d6
    http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-3ubuntu1.2.dsc
      Size/MD5:      658 08549083557957c66e73e42aa683f1b5
    http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9.orig.tar.gz
      Size/MD5:   811841 996d8d8831dbca17910094e56dcb5942

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-3ubuntu1.2_amd64.deb
      Size/MD5:   275936 633f49faf8c061d199fa1fa109e4d46a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-3ubuntu1.2_i386.deb
      Size/MD5:   262086 381d1741edd2151b09fdfcd11829246f

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-3ubuntu1.2_powerpc.deb
      Size/MD5:   282406 e8704361305a8308274b253863876766

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-3ubuntu1.2_sparc.deb
      Size/MD5:   270148 d6af336d9d029920c4c9b308e50f1e45

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-5ubuntu1.1.diff.gz
      Size/MD5:    40051 f86fdffdfeb406e1164dd8573c527174
    http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-5ubuntu1.1.dsc
      Size/MD5:      658 6ce35afac1779ce799dd10e42535bcb7
    http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9.orig.tar.gz
      Size/MD5:   811841 996d8d8831dbca17910094e56dcb5942

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-5ubuntu1.1_amd64.deb
      Size/MD5:   277264 2652f8655e5f33073a90e0d25559aada

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-5ubuntu1.1_i386.deb
      Size/MD5:   263124 90761cc1de553a35fb6c719e5632b84d

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-5ubuntu1.1_powerpc.deb
      Size/MD5:   283556 cc28973832efb6c5e2fe82893ce774d4

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-5ubuntu1.1_sparc.deb
      Size/MD5:   271206 4909fa7ccc14431f6419f51da2487400


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.