|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200504-12] rsnapshot: Local privilege escalation Vulnerability Scan
Vulnerability Scan Summary rsnapshot: Local privilege escalation
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200504-12
(rsnapshot: Local privilege escalation)
The copy_symlink() subroutine in rsnapshot follows symlinks when
changing file ownership, instead of changing the ownership of the
symlink itself.
Impact
Under certain circumstances, local attackers can exploit this
vulnerability to take ownership of arbitrary files, resulting in local
privilege escalation.
Workaround
The copy_symlink() subroutine is not called if the cmd_cp parameter has
been enabled.
References:
http://www.rsnapshot.org/security/2005/001.html
Solution:
All rsnapshot users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose net-misc/rsnapshot
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|