|Category:||Mandrake Local Security Checks|
|Title:||Mandrake Security Advisory MDVSA-2008:011 (rsync)|
|Summary:||Mandrake Security Advisory MDVSA-2008:011 (rsync)|
The remote host is missing an update to rsync
announced via advisory MDVSA-2008:011.
rsync before 3.0.0pre6, when running a writable rsync daemon that is
not using chroot, allows remote attackers to access restricted files
via unknown vectors that cause rsync to create a symlink that points
outside of the module's hierarchy. (CVE-2007-6199)
Unspecified vulnerability in rsync before 3.0.0pre6, when running a
writable rsync daemon, allows remote attackers to bypass exclude,
exclude_from, and filter and read or write hidden files via (1)
symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest
This update fixes these issues. It is recommended users (specially
system and network administrators) read the manpage about the
introduced munge symlinks feature.
This update also upgrades rsync to version 2.6.9 for all Mandriva
Linux versions earlier than 2008.0.
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
Risk factor : Critical
Common Vulnerability Exposure (CVE) ID: CVE-2007-6199|
Bugtraq: 20080212 FLEA-2008-0004-1 rsync (Google Search)
SuSE Security Announcement: SUSE-SR:2008:001 (Google Search)
BugTraq ID: 26638
Common Vulnerability Exposure (CVE) ID: CVE-2007-6200
BugTraq ID: 26639
|Copyright||Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com|
|This is only one of 38680 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.