Vulnerability Note VU#800635
rsync fails to properly handle negative values specified for signed integers thereby allowing remote command execution
Overview
There exist several signed-integer vulnerabilities in rsync. If rsync is run as a daemon, a remote-root compromise may be possible.
Description
Included in most distributions of Linux, rsync is a popular tool for synchronizing files across multiple hosts. Though not enabled in the default configuration, rsync can be run as a daemon to facilitate the distribution of files to FTP mirror sites. Researchers have found several vulnerabilities in rsync, resulting from the use of signed integer variables. If rsync receives negative integers where it expects positive integers, it can forced to overwrite arbitrary bytes of the stack with zeroes (null-bytes). |
Impact
The rsync process can be used to exploited to execute arbitrary code. If rsync is run as a daemon, a remote attacker can execute arbitrary code as the owner of the rsync process, generally root. |
Solution
Apply a patch from your vendor. |
Use the "chroot" option in the rsync config file to limit rsync's access to the filesystem. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Caldera | Affected | 29 Jan 2002 | 14 Sep 2002 |
| Conectiva | Affected | - | 06 Jun 2002 |
| Debian | Affected | 29 Jan 2002 | 06 Jun 2002 |
| Guardian Digital | Affected | - | 16 Sep 2002 |
| Hewlett-Packard Company | Affected | 29 Jan 2002 | 06 Jun 2002 |
| MandrakeSoft | Affected | 29 Jan 2002 | 06 Jun 2002 |
| IBM-zSeries | Unknown | 29 Jan 2002 | 06 Jun 2002 |
| Sequent | Unknown | 29 Jan 2002 | 06 Jun 2002 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- None
Credit
Thanks to Conectiva for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
Other Information
- CVE IDs: CAN-2002-0048
- Date Public: 25 Jan 2002
- Date First Published: 16 Sep 2002
- Date Last Updated: 16 Sep 2002
- Severity Metric: 15.26
- Document Revision: 10
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.