Security Update [CSSA-2002-003.0] Linux - Remote attack on rsync

From: Support Info (supinfoat_private)
Date: Fri Feb 08 2002 - 15:56:32 PST


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    ______________________________________________________________________________
    		   Caldera International, Inc.  Security Advisory
    
    Subject:		Linux - Remote attack on rsync
    Advisory number: 	CSSA-2002-003.0
    Issue date: 		2002, January 24
    Cross reference:
    ______________________________________________________________________________
    
    
    1. Problem Description
    
       Sebastian Krahmer of SuSE discovered a vulnerability in rsync that
       allows a remote attacker to modify memory of the rsync server process.
       There is no known exploit yet, but this vulnerability could be used
       against servers providing downloads via anonymous rsync. Note that the
       problem can also be exploited in the other direction: a rogue server
       can attack a client that uses rsync to connect to it.
    
    
    2. Vulnerable Versions
    
       System                       Package
       -----------------------------------------------------------
       OpenLinux 2.3                 All packages previous to      
                                     rsync-2.5.0-2                 
       
       OpenLinux eServer 2.3.1       All packages previous to      
       and OpenLinux eBuilder        rsync-2.5.0-2                 
       
       OpenLinux eDesktop 2.4        All packages previous to      
                                     rsync-2.5.0-2                 
       
       OpenLinux Server 3.1          All packages previous to      
                                     rsync-2.5.0-2                 
       
       OpenLinux Workstation 3.1     All packages previous to      
                                     rsync-2.5.0-2                 
       
       OpenLinux 3.1 IA64            All packages previous to      
                                     rsync-2.5.0-2                 
       
       OpenLinux Server 3.1.1        All packages previous to      
                                     rsync-2.5.0-2                 
       
       OpenLinux Workstation         All packages previous to      
       3.1.1                         rsync-2.5.0-2                 
       
    
    
    3. Solution
    
       Workaround
    
         none
    
       The proper solution is to upgrade to the latest packages.
    
    4. OpenLinux 2.3
    
        4.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/SRPMS
    
       4.2 Verification
    
           5f24a0ddccec6d227bda592e770770c5  RPMS/rsync-2.5.0-2.i386.rpm
           53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm
           
    
       4.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh rsync-2.5.0-2.i386.rpm
             
    
    5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
    
        5.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS
    
       5.2 Verification
    
           f1679a658eee7afc5cc5e223a0f019b4  RPMS/rsync-2.5.0-2.i386.rpm
           53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm
           
    
       5.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh rsync-2.5.0-2.i386.rpm
             
    
    6. OpenLinux eDesktop 2.4
    
        6.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/SRPMS
    
       6.2 Verification
    
           319f52b332937a9ec9b6b3a84a1a2818  RPMS/rsync-2.5.0-2.i386.rpm
           53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm
           
    
       6.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh rsync-2.5.0-2.i386.rpm
             
    
    7. OpenLinux 3.1 Server
    
        7.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
    
       7.2 Verification
    
           6edac1d41d34f694ff64a9b363f76be0  RPMS/rsync-2.5.0-2.i386.rpm
           53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm
           
    
       7.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh rsync-2.5.0-2.i386.rpm
             
    
    8. OpenLinux 3.1 Workstation
    
        8.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS
    
       8.2 Verification
    
           6edac1d41d34f694ff64a9b363f76be0  RPMS/rsync-2.5.0-2.i386.rpm
           53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm
           
    
       8.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh rsync-2.5.0-2.i386.rpm
             
    
    9. OpenLinux 3.1 IA64
    
        9.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/IA64/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/IA64/current/SRPMS
    
       9.2 Verification
    
           35254e165135c1e1d08816432a04f132  RPMS/rsync-2.5.0-2.ia64.rpm
           53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm
           
    
       9.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh rsync-2.5.0-2.ia64.rpm
             
    
    10. OpenLinux 3.1.1 Server
    
        10.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS
    
       10.2 Verification
    
           bc2612d7b204fbeef936e24ec8afe0b6  RPMS/rsync-2.5.0-2.i386.rpm
           53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm
           
    
       10.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh rsync-2.5.0-2.i386.rpm
             
    
    11. OpenLinux 3.1.1 Workstation
    
        11.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS
    
       11.2 Verification
    
           bc2612d7b204fbeef936e24ec8afe0b6  RPMS/rsync-2.5.0-2.i386.rpm
           53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm
           
    
       11.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh rsync-2.5.0-2.i386.rpm
             
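    Sections 4 through 11 prescribe the same two steps for every product:
    compare the downloaded packages against the listed MD5 sums, then run
    rpm -Fvh. The script below, added here as a worked example and not part of
    Caldera's advisory, ties the two steps together so that rpm is never run
    on a package whose sum does not match. It assumes the packages were
    downloaded into one directory that mirrors the FTP layout (RPMS/ and
    SRPMS/ subdirectories) and it embeds the sums from section 4.2
    (OpenLinux 2.3); for the other products, paste that section's lines in
    their place. The helper names and the download-directory convention are
    this example's own choices.

```shell
#!/bin/sh
# Added example, not part of the Caldera advisory: check downloaded packages
# against the MD5 sums the advisory lists before running its "rpm -Fvh" step.
set -u

# Sums copied from section 4.2 (OpenLinux 2.3). Each other product section
# lists a different i386 RPM sum; paste the lines for the product you run.
ADVISORY_SUMS='5f24a0ddccec6d227bda592e770770c5  RPMS/rsync-2.5.0-2.i386.rpm
53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm'

# md5_of FILE: print the 32-hex-digit MD5 of FILE (coreutils md5sum assumed).
md5_of() {
    md5sum "$1" | cut -c1-32
}

# verify_file FILE EXPECTED: succeed only if FILE exists and its MD5 is EXPECTED.
verify_file() {
    [ -f "$1" ] || return 1
    [ "$(md5_of "$1")" = "$2" ]
}

# verify_list LIST DIR: LIST holds "SUM  RELATIVE/PATH" lines in the advisory's
# own format; every path is resolved under DIR. Prints one status line per
# file and returns 1 if any file is missing or mismatched, 0 if all match.
verify_list() {
    list=$1 dir=$2 rc=0
    while read -r sum path; do
        [ -n "$sum" ] || continue            # skip blank lines
        if [ ! -f "$dir/$path" ]; then
            echo "MISSING  $path"; rc=1
        elif verify_file "$dir/$path" "$sum"; then
            echo "OK       $path"
        else
            echo "MISMATCH $path"; rc=1      # tampered or truncated download
        fi
    done <<EOF
$list
EOF
    return "$rc"
}

# check_and_freshen DIR: verify every listed file under DIR, then freshen only
# the binary RPMs, as the advisory does. rpm -F upgrades rsync only if an older
# version is already installed, so hosts without rsync are left untouched.
check_and_freshen() {
    verify_list "$ADVISORY_SUMS" "$1" || {
        echo "checksum verification failed; not installing" >&2
        return 1
    }
    rpm -Fvh "$1"/RPMS/rsync-*.rpm
}

# Usage: sh verify-rsync.sh /path/to/downloads
if [ "$#" -gt 0 ]; then
    check_and_freshen "$1"
fi
```

    The sums only carry the weight of the signature around them: save the
    advisory text and run gpg --verify on it before trusting the list, since
    an attacker who can alter a package on the mirror can just as easily alter
    an unsigned copy of the checksums. Note also that rpm -F (freshen) is a
    no-op on a host where rsync is not installed; use rpm -q rsync afterwards
    to confirm that rsync-2.5.0-2 is what ended up installed.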
    
    
    12. References
    
       This and other Caldera security resources are located at:
    
       http://www.caldera.com/support/security/index.html
    
       This security fix closes Caldera's internal Problem Report 11350.
    
    
    13. Disclaimer
    
       Caldera International, Inc. is not responsible for the misuse of
       any of the information we provide on this website and/or through our
       security advisories. Our advisories are a service to our customers
       intended to promote secure installation and use of Caldera OpenLinux.
    
    14. Acknowledgements
    
       Caldera International wishes to thank Sebastian Krahmer of SuSE for his
       thorough security review, and for sharing his finding.
    ______________________________________________________________________________
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org
    
    iD8DBQE8X8JV18sy83A/qfwRAuQ4AKChuNxFkSa8D1tTPpEizbuHpA9qbwCfWL/B
    WKmA3JGKIZ3rowplXTEL7DM=
    =8c0p
    -----END PGP SIGNATURE-----
    



    This archive was generated by hypermail 2b30 : Fri Feb 08 2002 - 17:31:48 PST