Slackware Advisory SSA:2003-337-01 Rsync Security Update Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2003-337-01.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2003-337-01

Insight

Rsync is a file transfer client and server. A security problem which may lead to unauthorized machine access or code execution has been fixed by upgrading to rsync-2.5.7. This problem only affects machines running rsync in daemon mode, and is easier to exploit if the non-default option 'use chroot = no' is used in the /etc/rsyncd.conf config file. Any sites running an rsync server should upgrade immediately. For complete information, see the rsync home page: http://rsync.samba.org

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Slackware Advisory SSA:2004-111-01 xine security update
Slackware Advisory SSA:2006-340-01 gnupg
Slackware Advisory SSA:2004-136-01 mc
Slackware Advisory SSA:2005-251-02 mod_ssl
Slackware Advisory SSA:2005-251-04 php5 in Slackware 10.1

Slackware Advisory SSA:2003-337-01 rsync security update

Take action and discover your vulnerabilities