RSync Security Advisory

Niki Guldbrand niki at lunar-linux.org
Thu Dec 4 10:44:58 GMT 2003


Hi All.

If any of you have a rsync server please update at once (Dbguin has been
updated.)

I have just bumped the version of rsync in moonbase to version 2.5.7
which contains a Heap overflow fix which is belived to have been used to
gain access to the debian systems, and together with the kernel do_brk
bug would give full root access.

See here for more details: http://rsync.samba.org/


Niki
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lunar-linux.org/pipermail/lunar/attachments/20031204/207e0c1f/attachment.bin


More information about the lunar mailing list