|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
 |
Vulnerability Note VU#325603
Integer overflow vulnerability in rsync
OverviewSome versions of the rsync program contain a remotely exploitable vulnerability. This vulnerability may allow an attacker to execute arbitrary code on the target system.
I. Descriptionrsync is an open source utility that provides fast incremental file transfer. It features the ability to operate as either a client or server when transferring data over a network.
An integer overflow error has been discovered in a portion of rsync's memory handling routines. An attacker sending an extremely large, specifically crafted file may be able to exploit this error to execute arbitrary code from the heap of the rsync process address space. This error results in a vulnerability primarily when the rsync program is used in server mode, accepting input from remote clients over the network.
Versions of the rsync software 2.5.6 and earlier contain this flaw. Note: We have received reports of this vulnerability being used to successfully compromise systems.
II. ImpactAn attacker may be able to execute arbitrary code in the context of the user running the rsync server, often root.
III. SolutionApply patches
rsync version 2.5.7 has been released and contains patches to address this vulnerability.
Users using packaged versions of the rsync software are encouraged to review the vendor information in the Systems Affected section of this document for more details. Users compiling the rsync software from the distribution source code can obtain the patched version from the rsync homepage.
Workarounds
Administrators, particularly those who are unable to apply the patches in a timely fashion, are encouraged to consider implementing the following workarounds:
- Disable the rsync service on systems that do not require it to be running.
- Filter access to the rsync service. The rsync service normally runs on port 873/tcp. Limiting access to this port from trusted clients may reduce exposure to this vulnerability.
Systems Affected
References
http://www.mail-archive.com/rsync@lists.samba.org/msg08271.html
http://www.secunia.com/advisories/10353/
http://www.secunia.com/advisories/10354/
http://www.secunia.com/advisories/10355/
http://www.secunia.com/advisories/10356/
http://www.secunia.com/advisories/10357/
http://www.secunia.com/advisories/10358/
http://www.secunia.com/advisories/10359/
http://www.secunia.com/advisories/10360/
http://www.secunia.com/advisories/10361/
http://www.secunia.com/advisories/10362/
http://www.secunia.com/advisories/10363/
http://www.secunia.com/advisories/10364/
http://www.secunia.com/advisories/10378/
http://www.secunia.com/advisories/10474/
Credit
Timo Sirainen originally discovered and reported this vulnerability. The rsync development team credits Mike Warfield, Paul Russell, and Andrea Barisani with providing additional information that led to the development of a fix and advisory.
This document was written by Chad R Dougherty.
Other Information
| Date Public: | 2003-10-03 |
| Date First Published: | 2003-12-09 |
| Date Last Updated: | 2006-05-01 |
| CERT Advisory: | |
| CVE-ID(s): | CVE-2003-0962 |
| NVD-ID(s): | CVE-2003-0962 |
| US-CERT Technical Alerts: | |
| Metric: | 29.40 |
| Document Revision: | 28 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|
Get Adobe Reader