Original released date : 31 Aug 2004
Last revised : 31 Aug 2004
Package : rsync
Summary : path-sanitizing bug
More information :
rsync uses the "rsync algorithm" which provides a very fast method for bringing
remote files into sync. It does this by sending just the differences in files
across a link, without requiring that both sets of files be present at one of
the ends of the beforehand.
A vulnerability has been discovered in rsync in the sanitize_path function
in file util.c which allows attackers to read and/or write certain files when chroot is disabled.
The remote attackers may be able to read and write the file which cannot be read and write.