Caldera Advisory: rsync supplementary groups | Linux Today
Security
SHARE
Facebook X Pinterest WhatsApp

Caldera Advisory: rsync supplementary groups

Written By
Web Webster
Web Webster
Apr 4, 2002 
____________________________________________________________________________

                Caldera International, Inc.  Security Advisory

Subject:                Linux: rsync supplementary groups vulnerability
Advisory number:        CSSA-2002-014.0
Issue date:             2002, April 03
Cross reference:
____________________________________________________________________________


1. Problem Description

        Supplementary groups to which the rsync daemon belongs (such as
        root) were not removed from the server process before it performed
        work as an unprivileged uid and gid. The rsync daemon was also
        compiled with a vulnerable version of the zlib library. This
        package corrects both these issues.


2. Vulnerable Supported Versions

        System                          Package
        -----------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to rsync-2.5.0-5.i386.rpm/
                                        prior to rsync-2.5.0-5.src.rpm/

        OpenLinux 3.1.1 Workstation     prior to rsync-2.5.0-5.i386.rpm/
                                        prior to rsync-2.5.0-5.src.rpm/


3. Solution

        The proper solution is to install the latest packages.

4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

        2c8f978df12dabf073361c86f7012210        rsync-2.5.0-5.i386.rpm/

        4.2 Installation

        Install the packages with the following sequence:
                
                rpm -Fvh  
                        rsync-2.5.0-5.i386.rpm/
                
        4.3 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

        bffd618c0ad88252b35c33ac821253ad        rsync-2.5.0-5.src.rpm/


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

        2c8f978df12dabf073361c86f7012210        rsync-2.5.0-5.i386.rpm/

        5.2 Installation

        Install the packages with the following sequence:
                
                rpm -Fvh 
                        rsync-2.5.0-5.i386.rpm/
                
        5.3 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

        bffd618c0ad88252b35c33ac821253ad        rsync-2.5.0-5.src.rpm/


6. References

        Specific references for this advisory:
                none


        Caldera OpenLinux security resources:
                http://www.caldera.com/support/security/index.html

        Caldera UNIX security resources:
                http://stage.caldera.com/support/security/

        This security fix closes Caldera incidents sr862089, fz520415,
        and erg711995.


7. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on this website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera products.


8. Acknowledgements

        Ethan Benson discovered and researched this vulnerability.

____________________________________________________________________________


--pf9I7BMVVzbSWLtt
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjyrmgoACgkQbluZssSXDTEVcQCg9uiPgzgfPvPXkxJwm1HOXfd5
LAAAn1SreMOXu8Dur7Du2Fg/Z53yyTqr
=hkLL
-----END PGP SIGNATURE-----

--pf9I7BMVVzbSWLtt--
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

facebook
linkedin
x

Company

Contact us

Categories

News IT Management Infrastructure Developer Security High Performance Storage Blog

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information