GLSA-200407-10 : rsync: Directory traversal in rsync daemon

medium Nessus Plugin ID 14543

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200407-10 (rsync: Directory traversal in rsync daemon).

When rsyncd is used without chroot ('use chroot = false' in the rsyncd.conf file), the paths sent by the client are not checked thoroughly enough. If rsyncd is used with read-write permissions ('read only = false'), this vulnerability can be used to write files anywhere with the rights of the rsyncd daemon. With default Gentoo installations, rsyncd runs in a chroot, without write permissions and with the rights of the 'nobody' user.

Impact:

On affected configurations and if the rsync daemon runs under a privileged user, a remote client can exploit this vulnerability to completely compromise the host.

Workaround:

You should never set the rsync daemon to run with 'use chroot = false'. If for some reason you have to run rsyncd without a chroot, then you should not set 'read only = false'.
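
An added example (not part of the advisory or the Nessus plugin): a Python audit of an rsyncd.conf for the two settings named in the workaround. It assumes defaults of 'use chroot = true' and 'read only = true' and that modules inherit global values set before the first section; it does not handle backslash line continuations, and the function names and sample configuration are constructed.

```python
import re
TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}
# Assumed daemon defaults when a parameter is absent.
DEFAULTS = {"use chroot": True, "read only": True}

def _as_bool(value, fallback):
    v = value.strip().lower()
    return True if v in TRUE else False if v in FALSE else fallback

def parse_rsyncd_conf(text):
    """Return {module: settings}; lines before the first [module] are global."""
    global_opts, modules, current = dict(DEFAULTS), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = modules.setdefault(section.group(1).strip(), dict(global_opts))
            continue
        key, sep, value = line.partition("=")
        key = " ".join(key.lower().split())
        if sep and key in DEFAULTS:
            target = global_opts if current is None else current
            target[key] = _as_bool(value, target[key])
    return modules

def audit(text):
    """Flag modules matching the configurations the advisory warns about."""
    findings = {}
    for name, opts in parse_rsyncd_conf(text).items():
        if not opts["use chroot"]:
            findings[name] = ("no chroot, writable" if not opts["read only"]
                              else "no chroot, read-only")
    return findings

# Constructed sample configuration (not taken from a real host).
SAMPLE = """\
use chroot = false
[mirror]
    path = /srv/mirror
[upload]
    path = /srv/upload
    read only = false
[jailed]
    path = /srv/jailed
    use chroot = yes
    read only = no
"""
```

Calling audit(SAMPLE) reports 'mirror' and 'upload'; 'jailed' overrides the global value and is not flagged.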

Solution

All users should update to the latest version of the rsync package.
# emerge sync
# emerge -pv '>=net-misc/rsync-2.6.0-r2'
# emerge '>=net-misc/rsync-2.6.0-r2'

See Also

https://security.gentoo.org/glsa/200407-10

Plugin Details

Severity: Medium

ID: 14543

File Name: gentoo_GLSA-200407-10.nasl

Version: 1.17

Type: local

Published: 8/30/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:rsync, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 7/12/2004

Vulnerability Publication Date: 4/29/2004

Reference Information

CVE: CVE-2004-0426

GLSA: 200407-10