Directory traversal in rsync

Vulnerability classification

Property Value
Confidence level Official
Impact Gain access
Difficulty Expert
Required attacker level Remote access, without an account, to a standard service

System information

Property Value
Affected manufacturer GNU/Linux
Affected software rsync <2.6.1

Description

A directory traversal vulnerability has been discovered in versions of the rsync daemon prior to 2.6.1, which is used for remote file transfer. Exploiting this vulnerability could allow a remote attacker to write files outside the directory tree that the daemon exports for the affected module.
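The bug class behind this advisory, as an added example that is not rsync's own code: a daemon maps a client-supplied relative path onto a module's path, first with a naive join (which lets `..` components and absolute paths escape the module) and then with a sanitizer that walks the path component by component and refuses to leave the module. MODULE_ROOT and the client paths in demo() are constructed for the demonstration.

```python
"""Illustration of the directory-traversal bug class described above.

Added example, not rsync's own code: it models a daemon that maps
client-supplied relative paths onto a module's path, first with the
naive join that lets '..' and absolute paths escape, then with a
sanitizer that refuses to leave the module.  MODULE_ROOT and the
client paths in demo() are constructed for the demonstration.
"""
import posixpath
from typing import Dict, List, Optional, Tuple

MODULE_ROOT = "/srv/rsync/pub"  # assumed module path, not from the advisory


def naive_join(root: str, client_path: str) -> str:
    """Vulnerable pattern: trust the client and simply join the path.

    posixpath.join() discards root when client_path is absolute, and
    normpath() collapses '..' components that climb above root, so the
    result may lie anywhere on the filesystem.
    """
    return posixpath.normpath(posixpath.join(root, client_path))


def sanitize_path(root: str, client_path: str) -> str:
    """Hardened mapping: resolve the client path lexically, one component
    at a time, and reject any attempt to step outside root.

    Rejecting (rather than silently rewriting) an escape attempt is a
    design choice for this example; it makes abuse visible in logs.
    """
    if client_path.startswith("/"):
        raise ValueError(f"absolute path rejected: {client_path!r}")
    parts: List[str] = []
    for comp in client_path.split("/"):
        if comp in ("", "."):  # empty (from '//') and '.' are no-ops
            continue
        if comp == "..":
            if not parts:  # would climb above the module
                raise ValueError(f"traversal above module rejected: {client_path!r}")
            parts.pop()
            continue
        parts.append(comp)
    resolved = posixpath.join(root, *parts) if parts else root
    # Belt and braces: the lexical walk above must agree with a prefix test.
    if resolved != root and not resolved.startswith(root.rstrip("/") + "/"):
        raise ValueError(f"sanitizer invariant violated for {client_path!r}")
    return resolved


def escapes(root: str, client_path: str) -> bool:
    """True when the sanitizer rejects client_path as an escape attempt."""
    try:
        sanitize_path(root, client_path)
    except ValueError:
        return True
    return False


def demo() -> Dict[str, Tuple[str, Optional[str]]]:
    """Map constructed client paths through both functions side by side."""
    samples = [
        "docs/readme.txt",       # ordinary request
        "./a//b/../c",           # messy but harmless
        "../../../etc/passwd",   # classic traversal
        "/etc/passwd",           # absolute path
        "a/../../etc/shadow",    # '..' hidden behind a real component
    ]
    result: Dict[str, Tuple[str, Optional[str]]] = {}
    for p in samples:
        safe = None if escapes(MODULE_ROOT, p) else sanitize_path(MODULE_ROOT, p)
        result[p] = (naive_join(MODULE_ROOT, p), safe)
    return result


if __name__ == "__main__":
    for client, (naive, safe) in demo().items():
        print(f"{client!r:24} naive -> {naive:28} sanitized -> {safe or 'REJECTED'}")
```

Lexical sanitization only covers what the client sends. A symlink that already exists under the module and points elsewhere on the filesystem is not caught by string checks at all; confining the daemon with chroot is what removes that class of escape, which is why the advisory's exploitation preconditions list the absence of chroot.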

To exploit this vulnerability the daemon must be running in read/write mode (a module with 'read only' turned off) and must not be running in a 'chroot' environment.
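A check a practitioner would want before patching: which modules in rsyncd.conf actually satisfy both preconditions above. The following is an added example, not rsync's own parser; it follows the rsyncd.conf conventions that matter here (`key = value` lines, `[module]` sections, `#`/`;` comment lines, global settings inherited by every module, and the daemon defaults of `use chroot = yes` and `read only = yes`) and also compares the upstream version from `rsync --version` against 2.6.1. The configuration text and version strings are constructed samples.

```python
"""Added example: audit an rsyncd.conf for modules that meet the
exploitability preconditions stated above (writable and not chrooted)
and flag a daemon whose upstream version is older than 2.6.1.

Not rsync's own parser.  The configuration and version strings below
are constructed samples for the demonstration.
"""
import re
from typing import Dict, List, Optional

SAMPLE_CONF = """\
# constructed sample: global defaults, then three modules
use chroot = yes
read only = yes

[pub]
    path = /srv/rsync/pub
    comment = public mirror

[upload]
    path = /srv/rsync/incoming
    read only = no
    use chroot = no
    hosts allow = 192.0.2.0/24

[backup]
    path = /srv/backup
    read only = false
"""

FIXED_UPSTREAM = (2, 6, 1)  # first upstream release with the fix, per the advisory


def parse_rsyncd_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Return {module: effective settings}, with global settings merged in."""
    global_settings: Dict[str, str] = {}
    modules: Dict[str, Dict[str, str]] = {}
    current = global_settings
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            current[key.strip().lower()] = value.strip()
    return {name: {**global_settings, **own} for name, own in modules.items()}


def _boolean(value: Optional[str], default: bool) -> bool:
    """rsync accepts yes/true/1 and no/false/0 for boolean parameters."""
    if value is None:
        return default
    return value.lower() in ("yes", "true", "1")


def exposed_modules(conf_text: str) -> List[str]:
    """Modules that are both writable and not chrooted."""
    exposed = []
    for name, settings in parse_rsyncd_conf(conf_text).items():
        writable = not _boolean(settings.get("read only"), default=True)
        chrooted = _boolean(settings.get("use chroot"), default=True)
        if writable and not chrooted:
            exposed.append(name)
    return exposed


def upstream_version_affected(version_line: str) -> bool:
    """Parse the first line of `rsync --version` and compare against 2.6.1.

    Caveat visible in the package list on this page: distributions
    backported the fix into 2.5.5 and 2.5.7 packages, so an old upstream
    number on a patched distro package is not by itself proof of exposure.
    """
    m = re.search(r"version\s+(\d+)\.(\d+)\.(\d+)", version_line)
    if not m:
        raise ValueError(f"cannot find a version in {version_line!r}")
    return tuple(int(x) for x in m.groups()) < FIXED_UPSTREAM


if __name__ == "__main__":
    print("exposed modules:", exposed_modules(SAMPLE_CONF))
    # constructed to resemble the first line of `rsync --version` on 2.5.7
    print("2.5.7 affected upstream:",
          upstream_version_affected("rsync  version 2.5.7  protocol version 26"))
```

In the sample, only `[upload]` is reported: `[pub]` inherits the global read-only setting, and `[backup]` is writable but inherits `use chroot = yes`. Note that `hosts allow` narrows who can reach a module but does not change whether it meets the preconditions.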

Solution

Apply your distribution's own update mechanisms, or download the software sources and build rsync 2.6.1 yourself. Until the update is in place, running the daemon with 'use chroot' enabled or its modules set to 'read only' removes the preconditions for exploitation described above.


Software updates

rsync
rsync 2.6.1
http://samba.anu.edu.au/rsync/download.html

Debian Linux

Debian Linux 3.0
Source
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5.dsc
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5.diff.gz
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5.orig.tar.gz
Alpha
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_alpha.deb
ARM
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_arm.deb
Intel IA-32
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_ia64.deb
HP Precision
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_hppa.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_sparc.deb

Mandrake Linux

Mandrake Linux 9.1
i386
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/rsync-2.5.7-0.2.91mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/SRPMS/rsync-2.5.7-0.2.91mdk.src.rpm
PPC
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/rsync-2.5.7-0.2.91mdk.ppc.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/SRPMS/rsync-2.5.7-0.2.91mdk.src.rpm

Mandrake Linux 9.2
i386
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/rsync-2.5.7-0.2.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/rsync-2.5.7-0.2.92mdk.src.rpm
AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/rsync-2.5.7-0.2.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/rsync-2.5.7-0.2.92mdk.src.rpm

Mandrake Multi Network Firewall 8.2
i386
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/rsync-2.5.4-2.2.M82mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/SRPMS/rsync-2.5.4-2.2.M82mdk.src.rpm

Mandrake Corporate Server 2.1
i386
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/rsync-2.5.5-5.2.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/rsync-2.5.5-5.2.C21mdk.src.rpm
x86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/rsync-2.5.5-5.2.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/rsync-2.5.5-5.2.C21mdk.src.rpm

Mandrakelinux 10.0
i386
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/rsync-2.6.0-1.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/rsync-2.6.0-1.1.100mdk.src.rpm

Red Hat

Red Hat Desktop (v. 3)
AMD64
rsync-2.5.7-4.3E.x86_64.rpm
SRPMS
rsync-2.5.7-4.3E.src.rpm
i386
rsync-2.5.7-4.3E.i386.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux AS (v. 2.1)
SRPMS
rsync-2.5.7-3.21AS.src.rpm
i386
rsync-2.5.7-3.21AS.i386.rpm
ia64
rsync-2.5.7-3.21AS.ia64.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux AS (v. 3)
AMD64
rsync-2.5.7-4.3E.x86_64.rpm
SRPMS
rsync-2.5.7-4.3E.src.rpm
i386
rsync-2.5.7-4.3E.i386.rpm
ia64
rsync-2.5.7-4.3E.ia64.rpm
ppc
rsync-2.5.7-4.3E.ppc.rpm
ppc64
rsync-2.5.7-4.3E.ppc64.rpm
s390
rsync-2.5.7-4.3E.s390.rpm
s390x
rsync-2.5.7-4.3E.s390x.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux ES (v. 2.1)
SRPMS
rsync-2.5.7-3.21AS.src.rpm
i386
rsync-2.5.7-3.21AS.i386.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux ES (v. 3)
AMD64
rsync-2.5.7-4.3E.x86_64.rpm
SRPMS
rsync-2.5.7-4.3E.src.rpm
i386
rsync-2.5.7-4.3E.i386.rpm
ia64
rsync-2.5.7-4.3E.ia64.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux WS (v. 2.1)
SRPMS
rsync-2.5.7-3.21AS.src.rpm
i386
rsync-2.5.7-3.21AS.i386.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux WS (v. 3)
AMD64
rsync-2.5.7-4.3E.x86_64.rpm
SRPMS
rsync-2.5.7-4.3E.src.rpm
i386
rsync-2.5.7-4.3E.i386.rpm
ia64
rsync-2.5.7-4.3E.ia64.rpm
https://rhn.redhat.com/

Red Hat Linux Advanced Workstation 2.1 Itanium Processor
SRPMS
rsync-2.5.7-3.21AS.src.rpm
ia64
rsync-2.5.7-3.21AS.ia64.rpm
https://rhn.redhat.com/

Apple
Mac OS X 10.2.8
http://www.apple.com/support/downloads//securityupdate_2004-09-07_(10_2_8_Client).html
Mac OS X 10.3.4
http://www.apple.com/support/downloads//securityupdate_2004-09-07(10_3_4_Client).html
Mac OS X 10.3.5
http://www.apple.com/support/downloads//securityupdate_2004-09-07_(10_3_5_Client).html
Mac OS X Server 10.2.8
http://www.apple.com/support/downloads//securityupdate_2004-09-07_(10_2_8_Server).html
Mac OS X Server 10.3.4
http://www.apple.com/support/downloads//securityupdate_2004-09-07_(10_3_4_Server).html
Mac OS X Server 10.3.5
http://www.apple.com/support/downloads//securityupdate_2004-09-07_(10_3_5_Server).html

Standard resources

Property Value
CVE CAN-2004-0426
BID

Other resources

rsync April 2004 Security Advisory
http://samba.anu.edu.au/rsync/#security_apr04

Debian Security Advisory DSA 499-1
http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00099.html

Debian Security Advisory DSA 499-2
http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00113.html

Mandrake Security Advisory MDKSA-2004:042
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:042

Red Hat Security Advisory RHSA-2004:192-06
https://rhn.redhat.com/errata/RHSA-2004-192.html

Apple Security Update 2004-09-07
http://docs.info.apple.com/article.html?artnum=61798

Version history

Version Comments Date
1.0 Advisory issued 2004-05-03
1.1 Advisory issued by Mandrake (MDKSA-2004:042) 2004-05-11
1.2 Advisory issued by Red Hat (RHSA-2004:192-06) 2004-05-21
1.3 Advisory updated by Debian (DSA 499-2) 2004-06-03
1.4 Advisory issued by Apple (2004-09-07) 2004-09-08
Ministerio de Defensa
CNI
CCN
CCN-CERT