OpenBSD Information for VU#325603
Integer overflow vulnerability in rsync
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 08 Dec 2003
A heap overflow exists in rsync versions 2.5.6 and below that can
be used by an attacker to run arbitrary code. The bug only affects
rsync in server (daemon) mode and occurs *after* rsync has dropped
privileges. By default, server will chroot(2) to the root of the
file tree being served which significantly mitigates the impact of
the bug. Installations that disable this behavior by placing "use
chroot = no" in rsyncd.conf are vulnerable to attack.
Sites that do run rsync in server mode should update their rsync
package as soon as possible. The rsync port has been updated in
the 3.3 and 3.4 -stable branches and a new binary package has been
built for OpenBSD 3.4/i386. It can be downloaded from:
For more information on the bug, see:
For more information on packages errata, see:
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.