|
Family: Debian Local Security Checks --> Category: infos
[DSA106] DSA-106-2 rsync Vulnerability Scan
Vulnerability Scan Summary DSA-106-2 rsync
Detailed Explanation for this Vulnerability Test
Sebastian Krahmer found several places in rsync (a popular tool to synchronise files between machines)
where signed and unsigned numbers
were mixed which resulted in insecure code (see
href="http://online.securityfocus.com/bid/3958">securityfocus.com).
This could be abused by
remote users to write 0-bytes in rsync's memory and trick rsync into
executing arbitrary code.
This has been fixed in version 2.3.2-1.3 and we recommend you upgrade
your rsync package immediately.
Unfortunately the patch used to fix that problem broke rsync.
This has been fixed in version 2.3.2-1.5 and we recommend you
upgrade to that version immediately.
Solution : http://www.debian.org/security/2002/dsa-106
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|