
Thread: Vulnerability:Caldera-Remote attack on rsync

  1. #1
    Fastest Thing Alive s0nIc
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Vulnerability:Caldera-Remote attack on rsync

    Sebastian Krahmer of SuSE discovered a vulnerability in rsync that
    allows an attacker to modify memory of the rsync server process. There
    is no known exploit yet, but this vulnerability could be used against
    servers providing downloads via anonymous rsync. Note that the problem
    can also be exploited by a rogue server, attacking a client who uses
    rsync.


    Vulnerable Versions

    System                                           Package
    ----------------------------------------------------------------------------------------
    OpenLinux 2.3                                    All packages previous to rsync-2.5.0-2
    OpenLinux eServer 2.3.1 and OpenLinux eBuilder   All packages previous to rsync-2.5.0-2
    OpenLinux eDesktop 2.4                           All packages previous to rsync-2.5.0-2
    OpenLinux Server 3.1                             All packages previous to rsync-2.5.0-2
    OpenLinux Workstation 3.1                        All packages previous to rsync-2.5.0-2
    OpenLinux 3.1 IA64                               All packages previous to rsync-2.5.0-2
    OpenLinux Server 3.1.1                           All packages previous to rsync-2.5.0-2
    OpenLinux Workstation 3.1.1                      All packages previous to rsync-2.5.0-2



    3. Solution

    Workaround

    none

    The proper solution is to upgrade to the latest packages.

    4. OpenLinux 2.3

    4.1 Location of Fixed Packages

    The upgrade packages can be found on Caldera's FTP site at:

    ftp://ftp.caldera.com/pub/updates/Op...3/current/RPMS

    The corresponding source code package can be found at:

    ftp://ftp.caldera.com/pub/updates/Op.../current/SRPMS

    4.2 Verification

    5f24a0ddccec6d227bda592e770770c5 RPMS/rsync-2.5.0-2.i386.rpm
    53d246410dd62b6db36c1ff682193331 SRPMS/rsync-2.5.0-2.src.rpm


    4.3 Installing Fixed Packages

    Upgrade the affected packages with the following commands:

    rpm -Fvh rsync-2.5.0-2.i386.rpm


    5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

    5.1 Location of Fixed Packages

    The upgrade packages can be found on Caldera's FTP site at:

    ftp://ftp.caldera.com/pub/updates/eS...3/current/RPMS

    The corresponding source code package can be found at:

    ftp://ftp.caldera.com/pub/updates/eS.../current/SRPMS

    5.2 Verification

    f1679a658eee7afc5cc5e223a0f019b4 RPMS/rsync-2.5.0-2.i386.rpm
    53d246410dd62b6db36c1ff682193331 SRPMS/rsync-2.5.0-2.src.rpm


    5.3 Installing Fixed Packages

    Upgrade the affected packages with the following commands:

    rpm -Fvh rsync-2.5.0-2.i386.rpm


    6. OpenLinux eDesktop 2.4

    6.1 Location of Fixed Packages

    The upgrade packages can be found on Caldera's FTP site at:

    ftp://ftp.caldera.com/pub/updates/eD...4/current/RPMS

    The corresponding source code package can be found at:

    ftp://ftp.caldera.com/pub/updates/eD.../current/SRPMS

    6.2 Verification

    319f52b332937a9ec9b6b3a84a1a2818 RPMS/rsync-2.5.0-2.i386.rpm
    53d246410dd62b6db36c1ff682193331 SRPMS/rsync-2.5.0-2.src.rpm


    6.3 Installing Fixed Packages

    Upgrade the affected packages with the following commands:

    rpm -Fvh rsync-2.5.0-2.i386.rpm


    7. OpenLinux 3.1 Server

    7.1 Location of Fixed Packages

    The upgrade packages can be found on Caldera's FTP site at:

    ftp://ftp.caldera.com/pub/updates/Op...r/current/RPMS

    The corresponding source code package can be found at:

    ftp://ftp.caldera.com/pub/updates/Op.../current/SRPMS

    7.2 Verification

    6edac1d41d34f694ff64a9b363f76be0 RPMS/rsync-2.5.0-2.i386.rpm
    53d246410dd62b6db36c1ff682193331 SRPMS/rsync-2.5.0-2.src.rpm


    7.3 Installing Fixed Packages

    Upgrade the affected packages with the following commands:

    rpm -Fvh rsync-2.5.0-2.i386.rpm


    8. OpenLinux 3.1 Workstation

    8.1 Location of Fixed Packages

    The upgrade packages can be found on Caldera's FTP site at:

    ftp://ftp.caldera.com/pub/updates/Op...n/current/RPMS

    The corresponding source code package can be found at:


    ftp://ftp.caldera.com/pub/updates/Op.../current/SRPMS

    8.2 Verification

    6edac1d41d34f694ff64a9b363f76be0 RPMS/rsync-2.5.0-2.i386.rpm
    53d246410dd62b6db36c1ff682193331 SRPMS/rsync-2.5.0-2.src.rpm


    8.3 Installing Fixed Packages

    Upgrade the affected packages with the following commands:

    rpm -Fvh rsync-2.5.0-2.i386.rpm


    9. OpenLinux 3.1 IA64

    9.1 Location of Fixed Packages

    The upgrade packages can be found on Caldera's FTP site at:

    ftp://ftp.caldera.com/pub/updates/Op...4/current/RPMS

    The corresponding source code package can be found at:

    ftp://ftp.caldera.com/pub/updates/Op.../current/SRPMS

    9.2 Verification

    35254e165135c1e1d08816432a04f132 RPMS/rsync-2.5.0-2.ia64.rpm
    53d246410dd62b6db36c1ff682193331 SRPMS/rsync-2.5.0-2.src.rpm


    9.3 Installing Fixed Packages

    Upgrade the affected packages with the following commands:

    rpm -Fvh rsync-2.5.0-2.ia64.rpm


    10. OpenLinux 3.1.1 Server

    10.1 Location of Fixed Packages

    The upgrade packages can be found on Caldera's FTP site at:

    ftp://ftp.caldera.com/pub/updates/Op...r/current/RPMS

    The corresponding source code package can be found at:

    ftp://ftp.caldera.com/pub/updates/Op.../current/SRPMS

    10.2 Verification

    bc2612d7b204fbeef936e24ec8afe0b6 RPMS/rsync-2.5.0-2.i386.rpm
    53d246410dd62b6db36c1ff682193331 SRPMS/rsync-2.5.0-2.src.rpm


    10.3 Installing Fixed Packages

    Upgrade the affected packages with the following commands:

    rpm -Fvh rsync-2.5.0-2.i386.rpm


    11. OpenLinux 3.1.1 Workstation

    11.1 Location of Fixed Packages

    The upgrade packages can be found on Caldera's FTP site at:


    ftp://ftp.caldera.com/pub/updates/Op...n/current/RPMS

    The corresponding source code package can be found at:


    ftp://ftp.caldera.com/pub/updates/Op.../current/SRPMS

    11.2 Verification

    bc2612d7b204fbeef936e24ec8afe0b6 RPMS/rsync-2.5.0-2.i386.rpm
    53d246410dd62b6db36c1ff682193331 SRPMS/rsync-2.5.0-2.src.rpm


    11.3 Installing Fixed Packages

    Upgrade the affected packages with the following commands:

    rpm -Fvh rsync-2.5.0-2.i386.rpm



    12. References

    This and other Caldera security resources are located at:

    http://www.caldera.com/support/security/index.html

    This security fix closes Caldera's internal Problem Report 11350.

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    884
    Thanks a TON for this post. I need to update my OpenLinux 2.3 to the latest stuff anyway, and I've been meaning to, and you've reminded me. Thanks again.

  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    291
    he he... thanx for the update S0nic... but why would a SuSE nut run around playing with caldera... odd stuff... odd stuff

    ~THEJRC~
    I'll preach my pessimism right out loud to anyone that listens!
    I'm not afraid to be alive.... I'm afraid to be alone.
