Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections: Blog - Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Preferences
Contribute
Link to Us
Search
Linux Jobs

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Technology Jobs

JustTechJobs.com

LinuxToday Newsletters
Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com
Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

 






Current Newswire:

Webopedia Term of the Day: What is Macbuntu

Virtualization With Xen On CentOS 6.2 (x86_64)

4 Best Free Linux Script Writing Tools

Linux File System Fsck Testing -- The Results Are In

Firefox 11 Gets SPDY

Piracy and the value of freedom

TLWIR 32: Open Sparks Fly, FOSS Players Give Open Advice, and FOSS Petition Gets Key Endorsement

Beware the power of Google?

Google Summer of Code 2012 Kicks Off

How to get started using awk



Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Justtechjobs.com Post A Job | Post A Resume
:tinysofa Advisory: rsync
tinysofa Advisory: rsync
Aug 17, 2004, 16 :44 UTC (0 Talkback[s]) (2201 reads)

tinysofa Security Advisory #2004-020

Package Name: rsync
Summary: Exposure of System Information
Advisory ID: TSSA-2004-020-ES
Date: 2004-08-16

Affected Products: tinysofa enterprise server 2.0

Description

rsync [0] is a program for synchronizing files over a network.

A vulnerability [1] has been reported in rsync, which potentially can be exploited by malicious users to read or write arbitrary files on a vulnerable system.

The vulnerability is caused due to an input validation error within the "sanitize_path()" function of the "util.c" file.

Successful exploitation requires that the rsync daemon isn't running chrooted.

The vulnerability affects version 2.6.2 and prior.

Resolution

The rsync package has been updated to address this vulnerability.

References


[0] http://samba.org/rsync/
[1] http://samba.org/rsync/#security_aug04 =20

Recommended Action

We recommend that all systems with these packages installed be upgraded.

Location

All tinysofa updates are available from
<URI:http://http.tinysofa.org/pub/tinysofa/updates/>
<URI:ftp://ftp.tinysofa.org/pub/tinysofa/updates/>

Automatic Updates

Users of the APT tool can enjoy having updates automatically installed using 'apt-get upgrade'.

Questions?

Check out our mailing lists:
<URI:http://www.tinysofa.org/communicate/>

Verification

This advisory is signed with the tinysofa security sign key.
This key is available from:
<URI:http://pgp.mit.edu:11371/pks/lookup?op=3Dget&search=3D0xAEDCBB4B>

All tinysofa packages are signed with the tinysofa stable sign key.
This key is available from:
<URI:http://pgp.mit.edu:11371/pks/lookup?op=3Dget&search=3D0x0F1240A2>

The advisory is available from the tinysofa errata database at
<URI:http://www.tinysofa.org/support/errata/>
or directly at
<URI:http://www.tinysofa.org/support/errata/2004/020.html>

Updated Packages

SRPMS

606db14378c661b0b5ce1bbb3cd87d52 rsync-2.6.2-2ts.src.rpm

i386

7d8ea97c366ae496d266b168c9c172ca rsync-2.6.2-2ts.i386.rpm

--
tinysofa Security Team <security at tinysofa dot org>



No talkbacks posted.
  Home | Search Talkbacks | Customize View    Top of Page  



Enter your comments below:

* Your Name:

* Your Email Address:

* Subject:

CC: [will also send this talkback to an E-Mail address]

* Comments:

Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content.

Fields marked with * are required!

..............................




All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux, Apache and PHP