SUSE-SA:2004:026: rsync

Medium Nessus Plugin ID 14276


The remote host is missing a vendor-supplied security patch.


The remote host is missing the patch for the advisory SUSE-SA:2004:026 (rsync).

The rsync team released an advisory about a security problem in rsync.
If rsync is running in daemon mode without a chroot environment, a remote attacker can trick rsyncd into creating an absolute pathname while sanitizing it.

As a result, it is possible to read from and write to files outside the rsync directory.

NOTE: SUSE LINUX ships the rsync daemon with a chroot environment enabled by default, therefore the default setup is not vulnerable.


Plugin Details

Severity: Medium

ID: 14276

File Name: suse_SA_2004_026.nasl

Version: $Revision: 1.5 $

Agent: unix

Published: 2004/08/16

Dependencies: 12634

Risk Information

Risk Factor: Medium

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list