Message-ID: <20040816153147.GB9523@tinysofa.org>
Date: Tue, 17 Aug 2004 01:31:47 +1000
From: tinysofa Security Team <security@...ysofa.org>
To: bugtraq@...urityfocus.com
Subject: TSSA-2004-020-ES - rsync

 ===========================================================================
                                             _     
                         |_ .  _      _  _  (_  _  
                         |_ | | ) \/ _) (_) |  (_| 
                                  /                


                       Security Advisory  #2004-020

 Package Name:      rsync
 Summary:           Exposure of System Information
 Advisory ID:       TSSA-2004-020-ES
 Date:              2004-08-16
 Affected Products: tinysofa enterprise server 2.0

 ===========================================================================

 Description
 -----------

    rsync [0] is a program for synchronizing files over a network.

    A vulnerability [1] has been reported in rsync that can potentially be
    exploited by malicious users to read or write arbitrary files on a
    vulnerable system.

    The vulnerability is caused by an input validation error within the
    "sanitize_path()" function of the "util.c" file.

    Successful exploitation requires that the rsync daemon is not running
    chrooted.

    The vulnerability affects rsync versions 2.6.2 and prior.

 Resolution
 ----------

    The rsync package has been updated to address this vulnerability.

 References
 ----------
   
    [0] http://samba.org/rsync/
    [1] http://samba.org/rsync/#security_aug04
 

 Recommended Action
 ==================

  We recommend that all systems with these packages installed be upgraded.


 Location
 ========

  All tinysofa updates are available from
  <URI:http://http.tinysofa.org/pub/tinysofa/updates/>
  <URI:ftp://ftp.tinysofa.org/pub/tinysofa/updates/>


 Automatic Updates
 =================

  Users of the APT tool can enjoy having updates automatically
  installed using 'apt-get upgrade'.


 Questions?
 ==========

  Check out our mailing lists:
  <URI:http://www.tinysofa.org/communicate/>


 Verification
 ============

  This advisory is signed with the tinysofa security sign key.
  This key is available from:
  <URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAEDCBB4B>

  All tinysofa packages are signed with the tinysofa stable sign key.
  This key is available from:
  <URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0F1240A2>

  The advisory is available from the tinysofa errata database at
  <URI:http://www.tinysofa.org/support/errata/>
  or directly at
  <URI:http://www.tinysofa.org/support/errata/2004/020.html>


 Updated Packages
 ================

  SRPMS
  -----

  606db14378c661b0b5ce1bbb3cd87d52  rsync-2.6.2-2ts.src.rpm

  i386
  ----

  7d8ea97c366ae496d266b168c9c172ca  rsync-2.6.2-2ts.i386.rpm


 --
 tinysofa Security Team <security at tinysofa dot org>
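
Added example (not part of the tinysofa advisory and not rsync project code): a small audit that lists the rsyncd.conf modules running without chroot, the precondition the Description names for exploitation. The sample configuration is constructed, the function names are hypothetical, and the code assumes global parameters appear before the first module header and that "use chroot" defaults to yes.

```python
import re

# Constructed sample rsyncd.conf; module names and paths are made up.
SAMPLE_CONF = """\
use chroot = no
[pub]
    path = /srv/pub
    Use Chroot = yes
[backup]
    path = /srv/backup
[upload]
    path = /srv/upload
    use chroot = false
"""

FALSE_VALUES = {"no", "false", "0"}

def _norm(name):
    # rsyncd.conf ignores case and whitespace inside parameter names.
    return re.sub(r"\s+", "", name).lower()

def unchrooted_modules(conf_text, default_chroot=True):
    """Return the modules whose effective 'use chroot' is false.

    default_chroot=True is an assumption (the documented default of
    rsync releases of that era); pass False to model other setups.
    """
    global_chroot = default_chroot
    modules = {}      # module name -> explicit setting, or None
    current = None    # None while still in the global section
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
            modules[current] = None
            continue
        key, sep, value = line.partition("=")
        if not sep or _norm(key) != "usechroot":
            continue
        flag = value.strip().lower() not in FALSE_VALUES
        if current is None:
            global_chroot = flag
        else:
            modules[current] = flag
    return [name for name, explicit in modules.items()
            if not (global_chroot if explicit is None else explicit)]

if __name__ == "__main__":
    for name in unchrooted_modules(SAMPLE_CONF):
        print(f"module [{name}] runs without chroot")
```

Modules reported here are the ones to prioritise for the package update or to switch back to chroot operation.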
