
Linux rsync I/O errors allow DoS or root access

Risk
HIGH

Date Discovered
01-25-2002

Description
The rsync utility contains several signed/unsigned integer errors in its I/O functions that are remotely exploitable to cause denial of service or, possibly, to gain a root shell on the targeted system.

rsync is an open source utility that allows rapid, incremental file transfer. Frequently, rsync is used to mirror directory structures across computers.

Symantec Corporation is aware of multiple signedness errors (mixed signed and unsigned integers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions. These errors are remotely exploitable. By supplying improperly checked signed values as an array index, a remote intruder can write NULL bytes to remote memory locations and corrupt the stack. This vulnerability can lead to a crash of the rsync server or client, or allow the remote intruder to execute arbitrary code on the targeted server as the root user.

In some cases, earlier patches to correct the rsync problem contained an error. All versions should be upgraded with the latest patch.
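The bug class the advisory describes, as a constructed C illustration added here (it is not rsync's source and not part of the original alert): a 32-bit length from the peer is decoded as a signed int, the vulnerable check tests only the upper bound so a negative value passes and the later NUL-terminating store lands below the buffer, while the hardened check rejects every negative before it can become an index. MAXLEN, the function names and the sample input are assumptions for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed illustration of mixed signed/unsigned length handling
   used as an array index; not rsync's code. A 32-bit length arrives
   from the remote peer and is decoded as a signed int. */

#define MAXLEN 4096   /* assumed receive buffer size for the example */

/* Vulnerable pattern: only the upper bound is tested, in signed
   arithmetic. A negative length such as -4 is accepted, and a later
   buf[len] = '\0' stores a NUL *below* the buffer, which on the stack
   corrupts saved registers or the return address. */
int length_ok_signed_only(int32_t len)
{
    if (len > MAXLEN)               /* -4 > 4096 is false: passes */
        return 0;
    return 1;
}

/* Hardened pattern: casting to uint32_t turns any negative value into
   a number far above MAXLEN, so one unsigned comparison enforces both
   bounds and nothing negative can reach the index. */
int length_ok_fixed(int32_t len)
{
    return (uint32_t)len <= (uint32_t)MAXLEN;
}

/* Returns 1 if `check` would let `len` through even though buf[len]
   lies outside a buffer of MAXLEN+1 bytes. No memory is written, so
   this is safe to call with hostile values when auditing a check. */
int accepts_out_of_bounds(int32_t len, int (*check)(int32_t))
{
    return check(len) && (len < 0 || len > MAXLEN);
}

/* Safe receive: copy `len` bytes of `wire` into `out` and NUL-terminate
   using the hardened check. Returns the copied length, or -1 on reject. */
int32_t recv_string(const char *wire, int32_t len, char out[MAXLEN + 1])
{
    if (!length_ok_fixed(len))
        return -1;
    memcpy(out, wire, (size_t)len);
    out[len] = '\0';                /* index is now provably in [0, MAXLEN] */
    return len;
}
```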

Platform(s) Affected
Linux

Affected Components
Certain versions of Linux, including SuSE Linux, Mandrake, Red Hat


References
Source: Mitre CVE CAN-2002-0048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0048

Source: Red Hat Support RHSA-2002-018
URL: http://www.redhat.com/support/errata/RHSA-2002-018.html

Source: linuxsecurity.com Advisory 1853
URL: http://www.linuxsecurity.com/advisories/other_advisory-1853.html

Source: SecurityFocus.com BugTraq ID 3958
URL: http://securityfocus.com/bid/3958

Source: Hewlett-Packard Bulletin Serial Number HPSBTL0201-022
URL: http://itrc.hp.com

Date Last Updated
February 12, 2002


Copyright (c) 2002 by Symantec Corp.
Permission to redistribute this Alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this Alert in medium other than electronically requires permission from SymSecurity@symantec.com.

Disclaimer:
The information in the advisory is believed to be accurate at the time of printing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect or consequential loss or damage arising from use of, or reliance on this information.

Symantec, Symantec products, Symantec Security Response, and SymSecurity are Registered Trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.