Category: Ubuntu Local Security Checks
Title: Ubuntu USN-500-1 (rsync)
Summary: Ubuntu USN-500-1 (rsync)
The remote host is missing an update to rsync
announced via advisory USN-500-1.
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
Sebastian Krahmer discovered that rsync contained an off-by-one
miscalculation when handling certain file paths. By creating a specially
crafted tree of files and tricking an rsync server into processing them,
a remote attacker could write a single NULL to stack memory, possibly
leading to arbitrary code execution.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
In general, a standard system upgrade is sufficient to effect the
Risk factor: High
Common Vulnerability Exposure (CVE) ID: CVE-2007-4091
Bugtraq: 20070823 FLEA-2007-0047-1 rsync
Debian Security Information: DSA-1360
SuSE Security Announcement: SUSE-SR:2007:017
BugTraq ID: 25336
XForce ISS Database: rsync-fname-bo(36072)
Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com