Test ID:	1.3.6.1.4.1.25623.1.0.60842
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:084 (rsync)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to rsync announced via advisory MDVSA-2008:084. Sebastian Krahmer of SUSE discovered that rsync could overflow when handling ACLs. An attakcer could construct a malicious set of files that, when processed, could lead to arbitrary code execution or a crash (CVE-2008-1720). The updated packages have been patched to correct this issue. Affected: 2007.0, 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:084 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1720 1019835 http://www.securitytracker.com/id?1019835 28726 http://www.securityfocus.com/bid/28726 29668 http://secunia.com/advisories/29668 29770 http://secunia.com/advisories/29770 29777 http://secunia.com/advisories/29777 29781 http://secunia.com/advisories/29781 29788 http://secunia.com/advisories/29788 29856 http://secunia.com/advisories/29856 29861 http://secunia.com/advisories/29861 44368 http://www.osvdb.org/44368 44369 http://www.osvdb.org/44369 ADV-2008-1191 http://www.vupen.com/english/advisories/2008/1191/references ADV-2008-1215 http://www.vupen.com/english/advisories/2008/1215/references DSA-1545 http://www.debian.org/security/2008/dsa-1545 FEDORA-2008-3047 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00237.html FEDORA-2008-3060 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00247.html GLSA-200804-16 http://security.gentoo.org/glsa/glsa-200804-16.xml HPSBMA02447 http://marc.info/?l=bugtraq&m=125017764422557&w=2 MDVSA-2008:084 http://www.mandriva.com/security/advisories?name=MDVSA-2008:084 SSRT090062 SUSE-SR:2008:011 http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html USN-600-1 https://usn.ubuntu.com/600-1/ [rsync-announce] 20080408 Rsync 3.0.2 released w/xattr security fix (attn: 2.6.9 onward) http://www.mail-archive.com/rsync-announce%40lists.samba.org/msg00057.html http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff http://samba.anu.edu.au/rsync/security.html#s3_0_2 http://sourceforge.net/project/shownotes.php?release_id=591462&group_id=69227 rsync-xattr-bo(41766) https://exchange.xforce.ibmcloud.com/vulnerabilities/41766
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.