Slackware Advisory SSA:2004-124-01 Rsync Update Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2004-124-01.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-124-01

Insight

New rsync packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. When running an rsync server without the chroot option it is possible for an attacker to write outside of the allowed directory. Any sites running rsync in that mode should upgrade right away (and should probably look into using the chroot option as well). More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0426

Severity

Classification

CVE CVE-2004-0426
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Slackware Advisory SSA:2006-129-02 mysql
Slackware Advisory SSA:2005-310-05 PHP
Slackware Advisory SSA:2004-266-01 CUPS DoS
Slackware Advisory SSA:2004-077-01 OpenSSL security update
Slackware Advisory SSA:2003-141-06a REVISED quotacheck security fix in rc.M

Slackware Advisory SSA:2004-124-01 rsync update

Take action and discover your vulnerabilities