-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                   Caldera International, Inc.  Security Advisory

Subject:                Linux - Remote attack on rsync
Advisory number:        CSSA-2002-003.0
Issue date:             2002, January 24
Cross reference:
______________________________________________________________________________


1. Problem Description

   Sebastian Krahmer of SuSE discovered a vulnerability in rsync that allows
   an attacker to modify memory of the rsync server process. There is no
   known exploit yet, but this vulnerability could be used against servers
   providing downloads via anonymous rsync.

   Note that the problem can also be exploited by a rogue server, attacking
   a client who uses rsync.


2. Vulnerable Versions

   System                          Package
   -----------------------------------------------------------
   OpenLinux 2.3                   All packages previous to
                                   rsync-2.5.0-2

   OpenLinux eServer 2.3.1         All packages previous to
   and OpenLinux eBuilder          rsync-2.5.0-2

   OpenLinux eDesktop 2.4          All packages previous to
                                   rsync-2.5.0-2

   OpenLinux Server 3.1            All packages previous to
                                   rsync-2.5.0-2

   OpenLinux Workstation 3.1       All packages previous to
                                   rsync-2.5.0-2

   OpenLinux 3.1 IA64              All packages previous to
                                   rsync-2.5.0-2

   OpenLinux Server 3.1.1          All packages previous to
                                   rsync-2.5.0-2

   OpenLinux Workstation 3.1.1     All packages previous to
                                   rsync-2.5.0-2


3. Solution

   Workaround

   none

   The proper solution is to upgrade to the latest packages.


4. OpenLinux 2.3

   4.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS

   The corresponding source code package can be found at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

   5f24a0ddccec6d227bda592e770770c5  RPMS/rsync-2.5.0-2.i386.rpm
   53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm

   4.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -Fvh rsync-2.5.0-2.i386.rpm


5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS

   The corresponding source code package can be found at:

   ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

   f1679a658eee7afc5cc5e223a0f019b4  RPMS/rsync-2.5.0-2.i386.rpm
   53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm

   5.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -Fvh rsync-2.5.0-2.i386.rpm


6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS

   The corresponding source code package can be found at:

   ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

   319f52b332937a9ec9b6b3a84a1a2818  RPMS/rsync-2.5.0-2.i386.rpm
   53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm

   6.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -Fvh rsync-2.5.0-2.i386.rpm


7. OpenLinux 3.1 Server

   7.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

   The corresponding source code package can be found at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

   7.2 Verification

   6edac1d41d34f694ff64a9b363f76be0  RPMS/rsync-2.5.0-2.i386.rpm
   53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm

   7.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -Fvh rsync-2.5.0-2.i386.rpm


8. OpenLinux 3.1 Workstation

   8.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

   The corresponding source code package can be found at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

   8.2 Verification

   6edac1d41d34f694ff64a9b363f76be0  RPMS/rsync-2.5.0-2.i386.rpm
   53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm

   8.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -Fvh rsync-2.5.0-2.i386.rpm


9. OpenLinux 3.1 IA64

   9.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/IA64/current/RPMS

   The corresponding source code package can be found at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/IA64/current/SRPMS

   9.2 Verification

   35254e165135c1e1d08816432a04f132  RPMS/rsync-2.5.0-2.ia64.rpm
   53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm

   9.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -Fvh rsync-2.5.0-2.ia64.rpm


10. OpenLinux 3.1.1 Server

   10.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

   The corresponding source code package can be found at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

   10.2 Verification

   bc2612d7b204fbeef936e24ec8afe0b6  RPMS/rsync-2.5.0-2.i386.rpm
   53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm

   10.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -Fvh rsync-2.5.0-2.i386.rpm


11. OpenLinux 3.1.1 Workstation

   11.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

   The corresponding source code package can be found at:

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

   11.2 Verification

   bc2612d7b204fbeef936e24ec8afe0b6  RPMS/rsync-2.5.0-2.i386.rpm
   53d246410dd62b6db36c1ff682193331  SRPMS/rsync-2.5.0-2.src.rpm

   11.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -Fvh rsync-2.5.0-2.i386.rpm


12. References

   This and other Caldera security resources are located at:

   http://www.caldera.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 11350.


13. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of any of
   the information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.


14. Acknowledgements

   Caldera International wishes to thank Sebastian Krahmer of SuSE for his
   thorough security review, and for sharing his finding.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8X8JV18sy83A/qfwRAuQ4AKChuNxFkSa8D1tTPpEizbuHpA9qbwCfWL/B
WKmA3JGKIZ3rowplXTEL7DM=
=8c0p
-----END PGP SIGNATURE-----
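The "Verification" and "Installing Fixed Packages" subsections above list an MD5 sum for each package and the rpm -Fvh command, but nothing ties the two together. The POSIX shell script below is an added example, not part of the Caldera advisory; it assumes the packages were already fetched from the listed FTP directories into the current directory and that md5sum(1) and awk(1) are available, and it hands a package to rpm only after its sum matches the advisory.

```shell
#!/bin/sh
# Added example, not from the Caldera advisory: compare a downloaded RPM's
# MD5 sum with the value published in the advisory before running rpm -Fvh.
# Assumptions: packages already downloaded into the current directory,
# md5sum(1) and awk(1) available.

# Sums copied from section 4.2 (OpenLinux 2.3) of the advisory.
OL23_RPM_MD5=5f24a0ddccec6d227bda592e770770c5
OL23_SRPM_MD5=53d246410dd62b6db36c1ff682193331

# verify_md5 FILE EXPECTED_SUM
# Returns 0 when FILE exists and its MD5 equals EXPECTED_SUM (compared in
# lower case), 1 otherwise. Never touches the package manager.
verify_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -f "$file" ]; then
        echo "MISSING  $file" >&2
        return 1
    fi
    actual=$(md5sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK       $file"
        return 0
    fi
    echo "MISMATCH $file: expected $expected, got $actual" >&2
    return 1
}

# install_if_verified FILE EXPECTED_SUM
# Runs the advisory's upgrade command only after the sum check passes, so a
# truncated or tampered download is never handed to rpm.
install_if_verified() {
    verify_md5 "$1" "$2" || return 1
    rpm -Fvh "$1"
}

# Usage: sh verify_rsync.sh RPMS/rsync-2.5.0-2.i386.rpm "$OL23_RPM_MD5"
# (use "$OL23_SRPM_MD5" for the source package). With no arguments the
# script only defines the functions above.
if [ "$#" -eq 2 ]; then
    install_if_verified "$1" "$2"
fi
```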