[lug] Rsync Exploit, was: SuSE Security Announcement

Timothy C. Klein teece at silverklein.net
Thu Dec 4 12:44:10 MST 2003


* Gary Hodges (Gary.Hodges at noaa.gov) wrote:
> I just got the email from SuSE about the Kernel brk() vulnerability.  
> Going through the instructions in the email I see that kernel
> 
> k_athlon-2.4.21-144.i586.rpm
> 
> is what I'm supposed to download.  About a week ago there was a kernel 
> update that I did with YaST/YOU.  It is the same version number as the 
> one listed for the current security announcement.
> 
> ~>rpm -q k_athlon
> k_athlon-2.4.21-144
> 
> Am I correct to assume that I'm OK?  Is it possible that changes were 
> made but the version number didn't change?
> 
> Cheers,
> Gary

Thought I would pass on that in addition to this brk() problem in the
2.4.22 kernel, the attacker in the recent Debian compromises used a
bug in rsync. Neither bug leads to a remote root exploit alone, but
apparently combined the two do. Note that one is only vulnerable if
he/she is running an rsync *server*, which may not be all that common.
But I thought I would pass along that tidbit. Upgrade to 2.5.6 if you
use rsync, immediately if you use the rsync server.

(Sorry, can't provide the link for the security announcement from Debian,
just deleted it and I can't find it on their webpage yet.)

HTH,

Tim
--
======================================================
== Timothy Klein || teece at silver_NO-UCE_klein.net   ==
== ------------------------------------------------ ==
== Hello_World.c: 17 Errors, 31 Warnings...         ==
======================================================