Mandrake Linux Security Advisory : rsync (MDKSA-2002:009)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

Sebastian Krahmer of the SuSE Security Team performed an audit on the
rsync tool and discovered that in several places signed and unsigned
numbers were mixed, with the end result being insecure code. These
flaws could be abused by remote users to write 0 bytes into rsync's
memory and trick rsync into executing arbitrary code on the server.

It is recommended that all Mandrake Linux users update rsync
immediately. As well, rsync server administrators should seriously
consider making use of the 'use chroot', 'read only', and 'uid'
options as these can significantly reduce the impact that security
problems in rsync (or elsewhere) have on the server.

Solution :

Update the affected rsync package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13917 (mandrake_MDKSA-2002-009.nasl)

Bugtraq ID:

CVE ID: CVE-2002-0048

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now