Slackware 8.1 / 9.0 / 9.1 / current : rsync update (SSA:2004-124-01)

medium Nessus Plugin ID 18768

Synopsis

The remote Slackware host is missing a security update.

Description

New rsync packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. When running an rsync server without the chroot option it is possible for an attacker to write outside of the allowed directory. Any sites running rsync in that mode should upgrade right away (and should probably look into using the chroot option as well).

Solution

Update the affected rsync package.

See Also

http://www.nessus.org/u?9b9e9da7

Plugin Details

Severity: Medium

ID: 18768

File Name: Slackware_SSA_2004-124-01.nasl

Version: 1.16

Type: local

Published: 7/13/2005

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:rsync, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:8.1, cpe:/o:slackware:slackware_linux:9.0, cpe:/o:slackware:slackware_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Patch Publication Date: 5/3/2004

Reference Information

CVE: CVE-2004-0426

SSA: 2004-124-01