|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200407-10] rsync: Directory traversal in rsync daemon Vulnerability Scan
Vulnerability Scan Summary rsync: Directory traversal in rsync daemon
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200407-10
(rsync: Directory traversal in rsync daemon)
When rsyncd is used without chroot ("use chroot = false" in the rsyncd.conf
file), the paths sent by the client are not checked thoroughly enough. If
rsyncd is used with read-write permissions ("read only = false"), this
vulnerability can be used to write files anywhere with the rights of the
rsyncd daemon. With default Gentoo installations, rsyncd runs in a chroot,
without write permissions and with the rights of the "nobody" user.
Impact
On affected configurations and if the rsync daemon runs under a privileged
user, a remote client can exploit this vulnerability to completely
compromise the host.
Workaround
You should never set the rsync daemon to run with "use chroot = false". If
for some reason you have to run rsyncd without a chroot, then you should
not set "read only = false".
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0426
Solution:
All users should update to the latest version of the rsync package.
# emerge sync
# emerge -pv ">=net-misc/rsync-2.6.0-r2"
# emerge ">=net-misc/rsync-2.6.0-r2"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|