Family: SuSE Local Security Checks --> Category: infos
SUSE-SA:2004:026: rsync Vulnerability Scan
Vulnerability Scan Summary: Check for the version of the rsync package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory SUSE-SA:2004:026 (rsync).
The rsync team released an advisory about a security problem in rsync.
If rsync is running in daemon mode and without a chroot environment, it
is possible for a remote attacker to trick rsyncd into creating an
absolute pathname while sanitizing it.
As a result, it is possible to read from and write to files outside the
rsync directory.
NOTE: SUSE LINUX ships the rsync daemon with a chroot environment enabled
by default; therefore, the default setup is not vulnerable.
Solution: http://www.suse.de/security/2004_26_rsync.html
Threat Level: Medium