aru Posted May 11, 2004 Report Share Posted May 11, 2004 MandrakeSoft Security Advisory MDKSA-2004:042 : rsync May 10th, 2004 Updated rsync packages fixes potential to write outside of directory tree. Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, allows remote attackers to write files outside of the module's path. The updated packages provide a patched rsync to correct this problem. The released versions of Mandrake GNU/Linux affected are: 9.1 9.2 9.2/AMD64 Multi Network Firewall 8.2 Corporate Server 2.1 10.0 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:042 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0426 http://rsync.samba.org/index.html Posted automatically by aru (mdksec2mub v0.0.8) Link to comment Share on other sites More sharing options...
Recommended Posts