Description: | Description:
The remote host is missing an update to rsync announced via advisory USN-500-1.
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
Details follow:
Sebastian Krahmer discovered that rsync contained an off-by-one miscalculation when handling certain file paths. By creating a specially crafted tree of files and tricking an rsync server into processing them, a remote attacker could write a single NULL to stack memory, possibly leading to arbitrary code execution.
Solution: The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: rsync 2.6.6-1ubuntu2.1
Ubuntu 6.10: rsync 2.6.8-2ubuntu3.1
Ubuntu 7.04: rsync 2.6.9-3ubuntu1.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
http://www.securityspace.com/smysecure/catid.html?in=USN-500-1
Risk factor : High
CVSS Score: 6.8
|