Test ID:	1.3.6.1.4.1.25623.1.0.53876
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2003-337-01)
Summary:	The remote host is missing an update for the 'rsync' package(s) announced via the SSA:2003-337-01 advisory.
Description:	Summary: The remote host is missing an update for the 'rsync' package(s) announced via the SSA:2003-337-01 advisory. Vulnerability Insight: Rsync is a file transfer client and server. A security problem which may lead to unauthorized machine access or code execution has been fixed by upgrading to rsync-2.5.7. This problem only affects machines running rsync in daemon mode, and is easier to exploit if the non-default option 'use chroot = no' is used in the /etc/rsyncd.conf config file. Any sites running an rsync server should upgrade immediately. For complete information, see the rsync home page: [link moved to references] Here are the details from the Slackware 9.1 ChangeLog: +--------------------------+ Wed Dec 3 22:18:35 PST 2003 patches/packages/rsync-2.5.7-i486-1.tgz: Upgraded to rsync-2.5.7. From the rsync-2.5.7-NEWS file: SECURITY: * Fix buffer handling bugs. (Andrew Tridgell, Martin Pool, Paul Russell, Andrea Barisani) The vulnerability affects sites running rsync in daemon mode (rsync servers). These sites should be upgraded immediately. (* Security fix *) +--------------------------+ Affected Software/OS: 'rsync' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.