tinysofa Advisory: rsyncAug 17, 2004, 16:44 (0 Talkback[s])
tinysofa Security Advisory #2004-020
Package Name: rsync
Affected Products: tinysofa enterprise server 2.0
rsync  is a program for synchronizing files over a network.
A vulnerability  has been reported in rsync, which potentially can be exploited by malicious users to read or write arbitrary files on a vulnerable system.
The vulnerability is caused due to an input validation error within the "sanitize_path()" function of the "util.c" file.
Successful exploitation requires that the rsync daemon isn't running chrooted.
The vulnerability affects version 2.6.2 and prior.
The rsync package has been updated to address this vulnerability.
 http://samba.org/rsync/#security_aug04 =20
We recommend that all systems with these packages installed be upgraded.
Users of the APT tool can enjoy having updates automatically installed using 'apt-get upgrade'.
Check out our mailing lists:
This advisory is signed with the tinysofa security sign key.
All tinysofa packages are signed with the tinysofa stable sign
The advisory is available from the tinysofa errata database
0 Talkback[s] (click to add your comment)