Summary
The remote host is missing an update as announced via advisory SSA:2004-124-01.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-124-01
Insight
New rsync packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. When running an rsync server without the chroot option it is possible for an attacker to write outside of the allowed directory.
Any sites running rsync in that mode should upgrade right away (and should probably look into using the chroot option as well).
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0426
Severity
Classification
CVE: CVE-2004-0426
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N