rsync signed array index value may allow remote code execution
Published: 2002-01-28
Updated: 2002-01-28
Severity: High
Threat level: Remote administrator (root) privileges
Error type: Access validation error
Exploitation: Server mode
BUGTRAQ ID: 3958

Affected systems
rsync rsync 2.3.1

Detailed description
rsync is a tool for mirroring files and directory trees over the network. It is often used to maintain FTP sites and similar services, runs on many system platforms, and is commonly configured to run as root. Certain versions contain a vulnerability: a remote user can supply a signed (negative) value that is used as an array index, which allows a NULL byte to be written to an arbitrary memory location. This can corrupt the stack and may allow arbitrary commands to be executed as root.

Test code
None yet

Solution
Please download and install the following packages as soon as possible:

rsync rsync 2.3.1:
Conectiva RPM rsync-2.4.6-4U50_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/rsync-2.4.6-4U50_1cl.i386.rpm for Conectiva 5.0
Conectiva RPM rsync-2.4.6-4U51_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/rsync-2.4.6-4U51_1cl.i386.rpm for Conectiva 5.1
Conectiva RPM rsync-2.4.6-4U50_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/rsync-2.4.6-4U50_1cl.i386.rpm for Conectiva ecommerce
Conectiva RPM rsync-2.4.6-4U50_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/rsync-2.4.6-4U50_1cl.i386.rpm for Conectiva graficas

rsync rsync 2.3.2-1.2 sparc:
Debian Upgrade rsync_2.3.2-1.3_sparc http://security.debian.org/dists/stable/updates/main/binary-sparc/rsync_2.3.2-1.3_sparc.deb

rsync rsync 2.3.2-1.2 PPC:
Debian Upgrade rsync_2.3.2-1.3_powerpc http://security.debian.org/dists/stable/updates/main/binary-powerpc/rsync_2.3.2-1.3_powerpc.deb

rsync rsync 2.3.2-1.2 m68k:
Debian Upgrade rsync_2.3.2-1.3_m68k http://security.debian.org/dists/stable/updates/main/binary-m68k/rsync_2.3.2-1.3_m68k.deb

rsync rsync 2.3.2-1.2 intel:
Debian Upgrade rsync_2.3.2-1.3_i386 http://security.debian.org/dists/stable/updates/main/binary-i386/rsync_2.3.2-1.3_i386.deb

rsync rsync 2.3.2-1.2 ARM:
Debian Upgrade rsync_2.3.2-1.3_arm http://security.debian.org/dists/stable/updates/main/binary-arm/rsync_2.3.2-1.3_arm.deb

rsync rsync 2.3.2-1.2 alpha:
Debian Upgrade rsync_2.3.2-1.3_alpha http://security.debian.org/dists/stable/updates/main/binary-alpha/rsync_2.3.2-1.3_alpha.deb

rsync rsync 2.3.2:
SuSE RPM rsync-2.3.2-124.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/rsync-2.3.2-124.i386.rpm for SuSE 7.0
SuSE RPM rsync-2.3.2-123.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/rsync-2.3.2-123.i386.rpm for SuSE 6.4
SuSE RPM rsync-2.3.2-5.sparc.rpm ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/rsync-2.3.2-5.sparc.rpm for SuSE 7.0
SuSE RPM rsync-2.3.2-30.alpha.rpm ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/rsync-2.3.2-30.alpha.rpm for SuSE 7.0
SuSE RPM rsync-2.3.2-31.alpha.rpm ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/rsync-2.3.2-31.alpha.rpm for SuSE 6.4
SuSE RPM rsync-2.3.2-133.ppc.rpm ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/rsync-2.3.2-133.ppc.rpm for SuSE 7.0
SuSE RPM rsync-2.3.2-133.ppc.rpm ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/rsync-2.3.2-133.ppc.rpm for SuSE 6.4

rsync rsync 2.4.1:
RedHat RPM rsync-2.4.6-0.6.alpha.rpm ftp://updates.redhat.com/6.2/en/os/alpha/rsync-2.4.6-0.6.alpha.rpm for RedHat 6.2
RedHat RPM rsync-2.4.6-0.6.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/rsync-2.4.6-0.6.i386.rpm for RedHat 6.2
RedHat RPM rsync-2.4.6-0.6.sparc.rpm ftp://updates.redhat.com/6.2/en/os/sparc/rsync-2.4.6-0.6.sparc.rpm for RedHat 6.2

rsync rsync 2.4.4:
RedHat RPM rsync-2.4.6-8.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/rsync-2.4.6-8.alpha.rpm for RedHat 7.0
RedHat RPM rsync-2.4.6-8.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/rsync-2.4.6-8.i386.rpm for RedHat 7.0
RedHat RPM rsync-2.4.6-8.alpha.rpm ftp://updates.redhat.com/7.1/en/os/alpha/rsync-2.4.6-8.alpha.rpm for RedHat 7.1
RedHat RPM rsync-2.4.6-8.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/rsync-2.4.6-8.i386.rpm for RedHat 7.1
RedHat RPM rsync-2.4.6-8.ia64.rpm ftp://updates.redhat.com/7.1/en/os/ia64/rsync-2.4.6-8.ia64.rp for RedHat 7.1

rsync rsync 2.4.6:
SuSE RPM rsync-2.4.6-288.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/rsync-2.4.6-288.i386.rpm for SuSE 7.3
SuSE RPM rsync-2.4.6-289.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/rsync-2.4.6-289.i386.rpm for SuSE 7.2
SuSE RPM rsync-2.4.6-288.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/rsync-2.4.6-288.i386.rpm for SuSE 7.1
SuSE RPM rsync-2.4.6-135.sparc.rpm ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/rsync-2.4.6-135.sparc.rpm for SuSE 7.3
SuSE RPM rsync-2.4.6-135.sparc.rpm ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/rsync-2.4.6-135.sparc.rpm for SuSE 7.1
SuSE RPM rsync-2.4.6-123.alpha.rpm ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/rsync-2.4.6-123.alpha.rpm for SuSE 7.1
SuSE RPM rsync-2.4.6-150.ppc.rpm ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/rsync-2.4.6-150.ppc.rpm for SuSE 7.3
SuSE RPM rsync-2.4.6-151.ppc.rpm ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/rsync-2.4.6-151.ppc.rpm for SuSE 7.1
Engarde Secure Linux RPM rsync-2.4.6-1.0.3.i386.rpm ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
Engarde Secure Linux RPM rsync-2.4.6-1.0.3.i686.rpm ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
Conectiva RPM rsync-2.4.6-4U60_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/rsync-2.4.6-4U60_1cl.i386.rpm for Conectiva 6.0
Conectiva RPM rsync-2.4.6-4U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/rsync-2.4.6-4U70_1cl.i386.rpm for Conectiva 7.0
RedHat RPM rsync-2.4.6-8.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/rsync-2.4.6-8.i386.rpm for RedHat 7.2
RedHat RPM rsync-2.4.6-8.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/rsync-2.4.6-8.ia64.rpm for RedHat 7.2

Related information
Credit: Sebastian Krahmer <krahmer@suse.de>.
Reference: http://www.securityfocus.com/advisories/3826
Homepage: http://rsync.samba.org/
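The bug class named in the detailed description above, a signed value taken from the network and used as an array index with only an upper-bound check, is shown below as an added example. This is constructed illustration code, not rsync's own source and not from the advisory: every function, constant and wire sample here (decode_int32_le, index_ok_buggy, index_ok_fixed, terminate_checked, BUF_SIZE, the three sample byte strings) is an assumption made for the example. It shows how a four-byte field with the top bit set decodes to a negative index, why a check that only tests the upper bound accepts it, and the fixed check that rejects it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All names and values in this file are constructed for the example; none
 * is taken from rsync.  BUF_SIZE stands in for whatever fixed buffer the
 * index is applied to. */
#define BUF_SIZE 64

/* Decode a little-endian 32-bit integer as a protocol peer would send it.
 * The result is signed, so a field with the top bit set becomes negative. */
int32_t decode_int32_le(const unsigned char *p)
{
    uint32_t u = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    int32_t v;
    memcpy(&v, &u, sizeof v); /* reinterpret the bit pattern without UB */
    return v;
}

/* Buggy check, modelled on the advisory's bug class: only the upper bound
 * is tested, so a negative index passes and a later buf[idx] = '\0' would
 * place a NUL byte before the start of the buffer. */
int index_ok_buggy(int32_t idx)
{
    return idx <= BUF_SIZE - 1;
}

/* Fixed check: reject negative values explicitly, then the upper bound. */
int index_ok_fixed(int32_t idx)
{
    return idx >= 0 && idx <= BUF_SIZE - 1;
}

/* Write the terminating NUL only after the fixed check.
 * Returns 1 when the byte was written, 0 when the index was rejected. */
int terminate_checked(char *buf, int32_t idx)
{
    if (!index_ok_fixed(idx))
        return 0;
    buf[idx] = '\0';
    return 1;
}

/* Run terminate_checked() against a local buffer so callers need no storage. */
int demo_terminate(int32_t idx)
{
    char buf[BUF_SIZE];
    memset(buf, 'A', sizeof buf);
    return terminate_checked(buf, idx);
}

/* Constructed wire samples: a negative index, an oversized one, a valid one. */
static const unsigned char wire_negative[4] = {0xFB, 0xFF, 0xFF, 0xFF}; /* -5  */
static const unsigned char wire_large[4]    = {0x00, 0x01, 0x00, 0x00}; /* 256 */
static const unsigned char wire_valid[4]    = {0x0A, 0x00, 0x00, 0x00}; /* 10  */

/* Decode each sample and count how many a given check function accepts. */
int count_accepted(int (*check)(int32_t))
{
    const unsigned char *samples[3] = {wire_negative, wire_large, wire_valid};
    int accepted = 0;
    for (size_t i = 0; i < 3; i++)
        accepted += check(decode_int32_le(samples[i])) ? 1 : 0;
    return accepted;
}

int main(void)
{
    printf("decoded negative sample: %d\n", decode_int32_le(wire_negative));
    printf("buggy check accepts %d of 3 samples\n", count_accepted(index_ok_buggy));
    printf("fixed check accepts %d of 3 samples\n", count_accepted(index_ok_fixed));
    return 0;
}
```

The buggy check accepts two of the three samples (the negative one and the valid one) while the fixed check accepts only the valid one; the difference is exactly the negative index that the advisory describes. In audits of network-facing code the pattern to look for is any comparison of a signed length or index against an upper bound alone; the defensive fix is either an explicit `idx >= 0` test or reading the field into an unsigned type before the comparison.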