Executive Summary
Summary | |
---|---|
Title | rsync security, bug fix, and enhancement update |
Informations | |||
---|---|---|---|
Name | RHSA-2011:0999 | First vendor Publication | 2011-07-21 |
Vendor | RedHat | Last vendor Modification | 2011-07-21 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated rsync package that fixes one security issue, several bugs, and adds enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: rsync is a program for synchronizing files over a network. A flaw was found in the way the rsync daemon handled the "filter", "exclude", and "exclude from" options, used for hiding files and preventing access to them from rsync clients. A remote attacker could use this flaw to bypass those restrictions by using certain command line options and symbolic links, allowing the attacker to overwrite those files if they knew their file names and had write access to them. (CVE-2007-6200) Note: This issue only affected users running rsync as a writable daemon: "read only" set to "false" in the rsync configuration file (for example, "/etc/rsyncd.conf"). By default, this option is set to "true". This update also fixes the following bugs: * The rsync package has been upgraded to upstream version 3.0.6, which provides a number of bug fixes and enhancements over the previous version. (BZ#339971) * When running an rsync daemon that was receiving files, a deferred info, error or log message could have been sent directly to the sender instead of being handled by the "rwrite()" function in the generator. Also, under certain circumstances, a deferred info or error message from the receiver could have bypassed the log file and could have been sent only to the client process. As a result, an "unexpected tag 3" fatal error could have been displayed. These problems have been fixed in this update so that an rsync daemon receiving files now works as expected. (BZ#471182) * Prior to this update, the rsync daemon called a number of timezone-using functions after doing a chroot. As a result, certain C libraries were unable to generate proper timestamps from inside a chrooted daemon. This bug has been fixed in this update so that the rsync daemon now calls the respective timezone-using functions prior to doing a chroot, and proper timestamps are now generated as expected. (BZ#575022) * When running rsync under a non-root user with the "-A" ("--acls") option and without using the "--numeric-ids" option, if there was an Access Control List (ACL) that included a group entry for a group that the respective user was not a member of on the receiving side, the "acl_set_file()" function returned an invalid argument value ("EINVAL"). This was caused by rsync mistakenly mapping the group name to the Group ID "GID_NONE" ("-1"), which failed. The bug has been fixed in this update so that no invalid argument is returned and rsync works as expected. (BZ#616093) * When creating a sparse file that was zero blocks long, the "rsync - --sparse" command did not properly truncate the sparse file at the end of the copy transaction. As a result, the file size was bigger than expected. This bug has been fixed in this update by properly truncating the file so that rsync now copies such files as expected. (BZ#530866) * Under certain circumstances, when using rsync in daemon mode, rsync generator instances could have entered an infinitive loop, trying to write an error message for the receiver to an invalid socket. This problem has been fixed in this update by adding a new sibling message: when the receiver is reporting a socket-read error, the generator will notice this fact and avoid writing an error message down the socket, allowing it to close down gracefully when the pipe from the receiver closes. (BZ#690148) * Prior to this update, there were missing deallocations found in the "start_client()" function. This bug has been fixed in this update and no longer occurs. (BZ#700450) All users of rsync are advised to upgrade to this updated package, which resolves these issues and adds enhancements. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 339971 - [RFE] Rebase rsync packages to version 3 407171 - CVE-2007-6200 rsync excluded content access restrictions bypass via symlinks 471182 - rsync errors: unexpected tag 3 [sender] 530866 - rsync --sparse does not properly copy sparse files 575022 - rsyncd gets confused with timezones when logging to syslog 616093 - EINVAL (Invalid argument) setting group --acls 690148 - Rsync instances stay in memory when using in daemon mode 700450 - Resource leaks revealed by Coverity scan. |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2011-0999.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21980 | |||
Oval ID: | oval:org.mitre.oval:def:21980 | ||
Title: | RHSA-2011:0999: rsync security, bug fix, and enhancement update (Moderate) | ||
Description: | Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0999-01 CESA-2011:0999 CVE-2007-6200 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | rsync |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23344 | |||
Oval ID: | oval:org.mitre.oval:def:23344 | ||
Title: | ELSA-2011:0999: rsync security, bug fix, and enhancement update (Moderate) | ||
Description: | Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0999-01 CVE-2007-6200 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | rsync |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28107 | |||
Oval ID: | oval:org.mitre.oval:def:28107 | ||
Title: | DEPRECATED: ELSA-2011-0999 -- rsync security, bug fix, and enhancement update (moderate) | ||
Description: | [3.0.6-4] - fix #700450 - free parsed hostnames - fix #575022 - set TZ variable after chroot [3.0.6-3] - Add upstream patch to fix CVE-2011-1097 - Incremental file-list corruption due to temporary file_extra_cnt increments Resolves: #688923 [3.0.6-2] - Remove BuildRequires dependency on popt-devel, until the package is being shipped with RHEL-5 (resolve build issues) [3.0.6-1] - Rebase to upstream version 3.0.6 Resolves: #339971, #471182, #575022, #616093 - Make '-d, --dirs options' behaviour backward-compatible with 2.6.8 Resolves: #339971 (comment #5) - Truncate a copied sparse file at the end of transaction (-S, --sparse option) Resolves: #530866 - Add -fno-strict-aliasing to CFLAGS - Remove obsolete rsync-2.6.8-xattr_bug.patch - Switch license to GPLv3+ (upstream change beginning with 3.0.0) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0999 CVE-2007-6200 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | rsync |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for rsync CESA-2011:0999 centos5 x86_64 File : nvt/gb_CESA-2011_0999_rsync_centos5_x86_64.nasl |
2011-09-23 | Name : CentOS Update for rsync CESA-2011:0999 centos5 i386 File : nvt/gb_CESA-2011_0999_rsync_centos5_i386.nasl |
2011-07-22 | Name : RedHat Update for rsync RHSA-2011:0999-01 File : nvt/gb_RHSA-2011_0999-01_rsync.nasl |
2010-05-12 | Name : Mac OS X Security Update 2008-005 File : nvt/macosx_secupd_2008-005.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : SLES10: Security update for rsync File : nvt/sles10_rsync.nasl |
2009-10-10 | Name : SLES9: Security update for rsync File : nvt/sles9p5012702.nasl |
2009-04-09 | Name : Mandriva Update for rsync MDVSA-2008:011 (rsync) File : nvt/gb_mandriva_MDVSA_2008_011.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
39593 | rsync Unspecified Remote Restriction Bypass |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-17 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-1090.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110721_rsync_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-09-23 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-0999.nasl - Type : ACT_GATHER_INFO |
2011-07-22 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-0999.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12038.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2008-011.nasl - Type : ACT_GATHER_INFO |
2008-08-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-005.nasl - Type : ACT_GATHER_INFO |
2007-12-24 | Name : The remote openSUSE host is missing a security update. File : suse_rsync-4793.nasl - Type : ACT_GATHER_INFO |
2007-12-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_rsync-4798.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:54:53 |
|