Slackware 8.1 / 9.0 / 9.1 / current : rsync update (SSA:2004-124-01)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Slackware host is missing a security update.

Description :

New rsync packages are available for Slackware 8.1, 9.0, 9.1, and
-current to fix a security issue. When running an rsync server without
the chroot option it is possible for an attacker to write outside of
the allowed directory. Any sites running rsync in that mode should
upgrade right away (and should probably look into using the chroot
option as well).

See also :

http://www.nessus.org/u?9b9e9da7

Solution :

Update the affected rsync package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: Slackware Local Security Checks

Nessus Plugin ID: 18768 ()

Bugtraq ID:

CVE ID: CVE-2004-0426