
[linux-security] rsync remote root exploit



Topic
=====
remote root exploit in rsync

Problem Description
===================
The rsync program allows users and administrators to synchronize files and
whole directory structures on different machines. 
There exist several signedness bugs within the rsync program which allow
remote attackers to write zero bytes (NUL bytes) to almost arbitrary stack
locations, therefore being able to control the program flow and obtain a
shell remotely.
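The following is an added illustration of the bug class described above; it is not rsync's own source and the field layout, buffer size and function names are assumptions chosen to mirror a length-prefixed string in a simple wire protocol. A length field is read into a signed int, the only bound check is an upper limit, so a negative length from the network passes the check, and the later "write a terminating zero at buf[prefix + len]" lands behind the buffer, somewhere else on the stack. The hardened check rejects negative values explicitly.

```c
/* Added illustration of the signedness-bug class; not rsync's code.
 * The record layout, MAXNAME and function names are assumptions. */
#include <stdint.h>
#include <stdio.h>

#define MAXNAME 64  /* stand-in for the fixed-size stack buffer */

/* Decode a little-endian 32-bit field into an int, as a program that
 * stores protocol fields in "int" would: 0xffffff00 becomes -256. */
int read_int_le(const unsigned char *p)
{
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (int)v;  /* two's-complement wrap on common compilers */
}

/* Vulnerable pattern: only the upper bound is checked, so a negative
 * length is accepted. Returns 1 if the length passes the check. */
int vulnerable_length_ok(int prefix_len, int len)
{
    if (len >= MAXNAME - prefix_len)
        return 0;               /* rejects only values that are too large */
    return 1;                   /* -1, -256, -4000 all get through */
}

/* Hardened check: reject negative values first, then bound the sum
 * without letting the subtraction itself go negative. */
int fixed_length_ok(int prefix_len, int len)
{
    if (prefix_len < 0 || len < 0)
        return 0;
    if (prefix_len >= MAXNAME || len >= MAXNAME - prefix_len)
        return 0;
    return 1;
}

/* Where a caller doing buf[prefix_len + len] = '\0' would write once a
 * negative length is accepted: the byte offset relative to buf. */
long null_write_offset(int prefix_len, int len)
{
    return (long)prefix_len + (long)len;
}

int main(void)
{
    /* Constructed sample record: one prefix-length byte (5) followed by
     * the 32-bit length 0xffffff00, which reads as -256. */
    static const unsigned char record[] = { 0x05, 0x00, 0xff, 0xff, 0xff };
    int l1 = record[0];
    int l2 = read_int_le(record + 1);

    printf("l1=%d l2=%d\n", l1, l2);
    printf("vulnerable check accepts: %d\n", vulnerable_length_ok(l1, l2));
    printf("fixed check accepts:      %d\n", fixed_length_ok(l1, l2));
    if (vulnerable_length_ok(l1, l2))
        printf("NUL terminator would land at buf[%ld]\n",
               null_write_offset(l1, l2));
    return 0;
}
```

With the constructed record the vulnerable check accepts l2 = -256 and the terminator goes to buf[-251], i.e. 251 bytes below the buffer on the stack; since the attacker picks the 32-bit value, the offset is under their control, which is the "almost arbitrary stack location" the advisory refers to.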

Affected Systems
================
rsync versions < 2.5.2

Workaround (recommended)
========================
Uninstall rsync: rpm -e rsync
All "r" commands are insecure. Do not use them. Do not enable them.
rsync is particularly bad as it uses its own protocol and may even be
used in a standalone rsync daemon mode.

If you must synchronize files between machines, use rdist instead, which
is based on the rsh protocol.

Solution
========
Upgrade to rsync 2.5.2 or a patched version for your distribution.

RedHat 6.x
----------
rpm -Fvh rsync-2.4.6-0.6.i386.rpm

RedHat 7.x
----------
rpm -Fvh rsync-2.4.6-8.i386.rpm

Debian 2.2 (potato)
-------------------
Upgrade to rsync_2.3.2-1.3_i386.deb