Home page logo

bugtraq logo Bugtraq mailing list archives

TSSA-2004-020-ES - rsync
From: tinysofa Security Team <security () tinysofa org>
Date: Tue, 17 Aug 2004 01:31:47 +1000

                         |_ .  _      _  _  (_  _  
                         |_ | | ) \/ _) (_) |  (_| 

                       Security Advisory  #2004-020

 Package Name:      rsync
 Summary:           Exposure of System Information
 Advisory ID:       TSSA-2004-020-ES
 Date:              2004-08-16
 Affected Products: tinysofa enterprise server 2.0



    rsync [0] is a program for synchronizing files over a network.

    A vulnerability [1] has been reported in rsync, which potentially can be 
    exploited by malicious users to read or write arbitrary files on a 
    vulnerable system.

    The vulnerability is caused due to an input validation error within the 
    "sanitize_path()" function of the "util.c" file.

    Successful exploitation requires that the rsync daemon isn't running 

    The vulnerability affects version 2.6.2 and prior.    


    The rsync package has been updated to address this vulnerability.

    [0] http://samba.org/rsync/
    [1] http://samba.org/rsync/#security_aug04

 Recommended Action

  We recommend that all systems with these packages installed be upgraded.


  All tinysofa updates are available from

 Automatic Updates

  Users of the APT tool can enjoy having updates automatically
  installed using 'apt-get upgrade'.


  Check out our mailing lists:


  This advisory is signed with the tinysofa security sign key.
  This key is available from:

  All tinysofa packages are signed with the tinysofa stable sign key.
  This key is available from:

  The advisory is available from the tinysofa errata database at
  or directly at

 Updated Packages


  606db14378c661b0b5ce1bbb3cd87d52  rsync-2.6.2-2ts.src.rpm


  7d8ea97c366ae496d266b168c9c172ca  rsync-2.6.2-2ts.i386.rpm

 tinysofa Security Team <security at tinysofa dot org>

Attachment: _bin

  By Date           By Thread  

Current thread:
  • TSSA-2004-020-ES - rsync tinysofa Security Team (Aug 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]