[Full-disclosure] FLEA-2008-0004-1 rsync



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2008-0004-1
Published: 2008-02-11

Rating: Minor

Updated Versions:
rsync=/conary.rpath.com@rpl:devel//1/2.6.8-1.2-1
group-dist=/foresight.rpath.org@fl:1-devel//1/1.4.2-0.7-3

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6200
http://wiki.rpath.com/Advisories:rPSA-2007-0257

Description:
Previous versions of the rsync package contain vulnerabilities in the rsync
server, potentially allowing users to bypass security restrictions.
Foresight Linux does not, by default, configure the rsync server to run.

- ---

Copyright 2008 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (GNU/Linux)
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


