Ubuntu Local Security Checks : Ubuntu USN-600-1 (rsync)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.60829

Category: Ubuntu Local Security Checks

Title: Ubuntu USN-600-1 (rsync)

Summary: Ubuntu USN-600-1 (rsync)

Description:
The remote host is missing an update to rsync
announced via advisory USN-600-1.

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Details follow:

Sebastian Krahmer discovered that rsync could overflow when handling ACLs.
An attacker could construct a malicious set of files that when processed
by rsync could lead to arbitrary code execution or a crash.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
rsync 2.6.9-3ubuntu1.2

Ubuntu 7.10:
rsync 2.6.9-5ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-600-1

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-1720
http://www.mail-archive.com/rsync-announce@lists.samba.org/msg00057.html
Debian Security Information: DSA-1545 (Google Search)
http://www.debian.org/security/2008/dsa-1545
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00237.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00247.html
http://security.gentoo.org/glsa/glsa-200804-16.xml
HPdes Security Advisory: HPSBMA02447
http://marc.info/?l=bugtraq&m=125017764422557&w=2
HPdes Security Advisory: SSRT090062
http://www.mandriva.com/security/advisories?name=MDVSA-2008:084
SuSE Security Announcement: SUSE-SR:2008:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://www.ubuntulinux.org/support/documentation/usn/usn-600-1
BugTraq ID: 28726
http://www.securityfocus.com/bid/28726
http://www.vupen.com/english/advisories/2008/1191/references
http://www.vupen.com/english/advisories/2008/1215/references
http://www.osvdb.org/44368
http://www.osvdb.org/44369
http://www.securitytracker.com/id?1019835
http://secunia.com/advisories/29668
http://secunia.com/advisories/29770
http://secunia.com/advisories/29777
http://secunia.com/advisories/29781
http://secunia.com/advisories/29856
http://secunia.com/advisories/29861
http://secunia.com/advisories/29788
XForce ISS Database: rsync-xattr-bo(41766)
http://xforce.iss.net/xforce/xfdb/41766

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.60829
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-600-1 (rsync)
Summary:	Ubuntu USN-600-1 (rsync)
Description:	The remote host is missing an update to rsync announced via advisory USN-600-1. A security issue affects the following Ubuntu releases: Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Details follow: Sebastian Krahmer discovered that rsync could overflow when handling ACLs. An attacker could construct a malicious set of files that when processed by rsync could lead to arbitrary code execution or a crash. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.04: rsync 2.6.9-3ubuntu1.2 Ubuntu 7.10: rsync 2.6.9-5ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-600-1 Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1720 http://www.mail-archive.com/rsync-announce@lists.samba.org/msg00057.html Debian Security Information: DSA-1545 (Google Search) http://www.debian.org/security/2008/dsa-1545 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00237.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00247.html http://security.gentoo.org/glsa/glsa-200804-16.xml HPdes Security Advisory: HPSBMA02447 http://marc.info/?l=bugtraq&m=125017764422557&w=2 HPdes Security Advisory: SSRT090062 http://www.mandriva.com/security/advisories?name=MDVSA-2008:084 SuSE Security Announcement: SUSE-SR:2008:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://www.ubuntulinux.org/support/documentation/usn/usn-600-1 BugTraq ID: 28726 http://www.securityfocus.com/bid/28726 http://www.vupen.com/english/advisories/2008/1191/references http://www.vupen.com/english/advisories/2008/1215/references http://www.osvdb.org/44368 http://www.osvdb.org/44369 http://www.securitytracker.com/id?1019835 http://secunia.com/advisories/29668 http://secunia.com/advisories/29770 http://secunia.com/advisories/29777 http://secunia.com/advisories/29781 http://secunia.com/advisories/29856 http://secunia.com/advisories/29861 http://secunia.com/advisories/29788 XForce ISS Database: rsync-xattr-bo(41766) http://xforce.iss.net/xforce/xfdb/41766
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com