Family: Red Hat Local Security Checks --> Category: infos
RHSA-2004-192: rsync Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the rsync packages
Detailed Explanation for this Vulnerability Test
An updated rsync package that fixes a directory traversal security flaw is
Rsync is a program for synchronizing files over a network.
Rsync before 2.6.1 does not properly sanitize paths when running a
read/write daemon without using chroot. This could allow a remote attacker
to write files outside of the module's "path", depending on the rights
assigned to the rsync daemon. Users not running an rsync daemon, running a
read-only daemon, or running a chrooted daemon are not affected by this
issue. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2004-0426 to this issue.
Users of Rsync are advised to upgrade to this updated package, which
contains a backported patch and is not affected by this issue.
Solution : http://rhn.redhat.com/errata/RHSA-2004-192.html
Threat Level: High