NetWinder security advisory

ID: 2003-005
Issued: 2003-Dec-06
Package: rsync
Summary: Remote vulnerability in rsync
Category: Heap overflow
Severity: High (potential remote root compromise)
Products: Gonzo nw-9

DESCRIPTION

rsync is a program for synchronizing files over the network. The server component, which is not enabled by default, is vulnerable to a heap overflow that could allow arbitrary code execution. Coupled with the recent do_brk() kernel bug, this could lead to remote root compromise.

SOLUTION

Download the following RPM packages to the NetWinder into a temporary directory, then install them with the command "rpm -Uvh *.rpm". Be sure there are no other files ending in ".rpm" in the temporary directory. See http://www.netwinder.org/security/install.html for more help.

Required packages

ftp://ftp.netwinder.org/pub/netwinder/updates/nw-9/armv4l/rsync-2.5.7-0.9.armv4l.rpm

Optional packages

ftp://ftp.netwinder.org/pub/netwinder/updates/nw-9/SRPMS/rsync-2.5.7-0.9.src.rpm
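The check below is an added example, not part of the original advisory: it guards the "rpm -Uvh *.rpm" step by refusing to run when the temporary directory holds any ".rpm" file other than the two named above, or when the required package is missing. The function names and the EXPECTED variable are hypothetical; the package file names are taken from the URLs in this advisory.

```shell
#!/bin/sh
# Added example (not from the advisory): guard for "rpm -Uvh *.rpm".
# EXPECTED holds the package file names taken from the advisory's URLs.
EXPECTED="rsync-2.5.7-0.9.armv4l.rpm rsync-2.5.7-0.9.src.rpm"

# Print every *.rpm in directory $1 that is not in $EXPECTED, one per line.
unexpected_rpms() {
    dir=$1
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue        # glob matched nothing
        name=${f##*/}
        case " $EXPECTED " in
            *" $name "*) ;;            # listed in the advisory
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Return 0 only if the required package is present and nothing unexpected is.
safe_to_install() {
    dir=$1
    [ -f "$dir/rsync-2.5.7-0.9.armv4l.rpm" ] || return 1
    [ -z "$(unexpected_rpms "$dir")" ]
}

# Run the advisory's install command only when the directory passes the check.
install_update() {
    dir=$1
    if safe_to_install "$dir"; then
        (cd "$dir" && rpm -Uvh *.rpm)
    else
        echo "refusing to install; check $dir:" >&2
        unexpected_rpms "$dir" >&2
        return 1
    fi
}
```

Call it as `install_update /path/to/tempdir` after downloading the packages into that directory.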

REFERENCES

https://rhn.redhat.com/errata/RHSA-2003-398.html
http://rsync.samba.org/