MandrivaUsers.org > Security Advisory (MDKSA-2004:042): rsync

Full Version: Security Advisory (MDKSA-2004:042): rsync

MandrivaUsers.org > Announcements > Mandriva Security Advisories

aru

May 11 2004, 01:55 AM

MandrakeSoft Security Advisory MDKSA-2004:042 : rsync

May 10th, 2004
Updated rsync packages fixes potential to write outside of directory tree.

Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, allows remote attackers to write files outside of the module's path.

The updated packages provide a patched rsync to correct this problem.

The released versions of Mandrake GNU/Linux affected are:

9.1
9.2
9.2/AMD64
Multi Network Firewall 8.2
Corporate Server 2.1
10.0

Full information about this advisory, including the updated packages, is available at:
www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:042

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0426
http://rsync.samba.org/index.html

Posted automatically by aru (mdksec2mub v0.0.8)

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.