Mandrake Linux Security Advisory : rsync (MDKSA-2004:083)
Medium Nessus Plugin ID 14332
Synopsis
The remote Mandrake Linux host is missing a security update.
Description
An advisory was sent out by the rsync team regarding a security vulnerability in all versions of rsync prior to and including 2.6.2.
If rsync is running in daemon mode, and not in a chrooted environment, it is possible for a remote attacker to trick rsyncd into creating an absolute pathname while sanitizing it. This vulnerability possibly allows a remote attacker to read or write files outside of the rsync directory.
The updated packages are patched to prevent this problem.
Solution
Update the affected rsync package.
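A configuration audit for the exposure condition described above (daemon mode without chroot), as an added example that is not part of the advisory or the Nessus plugin. The sample config and the function names are constructed; it assumes the rsyncd.conf `use chroot` parameter defaults to enabled and that global parameters appear before the first `[module]`.

```python
import re

# Constructed sample rsyncd.conf (not from the advisory).
SAMPLE_CONF = """\
use chroot = yes
[pub]
    path = /srv/pub
[backup]
    path = /srv/backup
    Use Chroot = no
[mirror]
    path = /srv/mirror
    use chroot = false
"""

FALSE_VALUES = {"no", "false", "0"}
LAST_AFFECTED = (2, 6, 2)  # advisory: all versions up to and including 2.6.2

def modules_without_chroot(conf_text):
    """Return names of modules whose effective 'use chroot' is disabled."""
    global_chroot, current, modules = True, None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
            modules.setdefault(current, None)  # None = inherit global value
            continue
        name, sep, value = line.partition("=")
        # Assumption: names are compared ignoring case and inner whitespace.
        if not sep or re.sub(r"\s+", "", name).lower() != "usechroot":
            continue
        enabled = value.strip().lower() not in FALSE_VALUES
        if current is None:
            global_chroot = enabled
        else:
            modules[current] = enabled
    return sorted(m for m, v in modules.items()
                  if not (global_chroot if v is None else v))

def version_affected(version):
    """True for upstream versions <= 2.6.2; a hint only, since a patched
    distribution package may keep the upstream version number."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts + (0,) * (3 - len(parts)) <= LAST_AFFECTED
```

Modules returned by `modules_without_chroot` are the ones where the advisory's precondition holds, so they are the first to review on a host that has not yet received the updated package.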