Slackware: rsync Improper write access vulnerability
Posted by LinuxSecurity.com Team   
Slackware When running an rsync server without the chroot option it is possible for an attacker to write outside of the allowed directory.

[slackware-security]  rsync update (SSA:2004-124-01)

New rsync packages are available for Slackware 8.1, 9.0, 9.1, and -current to
fix a security issue.  When running an rsync server without the chroot option
it is possible for an attacker to write outside of the allowed directory.
Any sites running rsync in that mode should upgrade right away (and should
probably look into using the chroot option as well).

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0426

Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Sun May  2 17:16:41 PDT 2004
patches/packages/rsync-2.6.2-i486-1.tgz:  Upgraded to rsync-2.6.2.
  Rsync before 2.6.1 does not properly sanitize paths when running a
  read/write daemon without using chroot, allowing remote attackers to
  write files outside of the module's path.
  For more details, see:
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0426
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Slackware 8.1: 
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/rsync-2.6.2-i386-1.tgz

Updated package for Slackware 9.0: 
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/rsync-2.6.2-i386-1.tgz

Updated package for Slackware 9.1: 
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/rsync-2.6.2-i486-1.tgz

Updated package for Slackware -current: 
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/rsync-2.6.2-i486-1.tgz


MD5 signatures:
+-------------+

Slackware 8.1 package:
f7702e872e7816dcb6f9b0ba27c3fb61  rsync-2.6.2-i386-1.tgz

Slackware 9.0 package:
f6ec19791028f4b355bc16d454031204  rsync-2.6.2-i386-1.tgz

Slackware 9.1 package:
a42dc11056b37c7ddd94f71e4ce20c74  rsync-2.6.2-i486-1.tgz

Slackware -current package:
31eb4e17aea2a32a98d4576fab64ab8b  rsync-2.6.2-i486-1.tgz


Installation instructions:
+------------------------+

If rsync is running as a server, shut it down first.

Then, upgrade the packages as root:
# upgradepkg rsync-2.6.2-i486-1.tgz

Finally, restart the rsync server if needed.


+-----+

Slackware Linux Security Team 
http://slackware.com/gpg-key
security@slackware.com