Date: Fri, 1 Feb 2002 08:13:24 -0800 (PST) From: Brian Behlendorf <brian@collab.net> To: security@freebsd.org Subject: rsync core dumping? Message-ID: <20020201080635.H14011-100000@localhost>
next in thread | raw e-mail | index | archive | help
So there've been numerous bulletins to bugtraq, etc. about remote vulnerabilities in rsync prior to 2.4.6 or so. I saw no FreeBSD-specific announcements, however the hole appeared to be pretty generic, so I upgraded anyways to the current version in /usr/ports, 2.5.2. Since the vulnerability announcements, and both before *and* after my upgrade, I've been seeing core dumps from the two public rsync servers I run for apache.org. Feb 1 07:34:09 daedalus /kernel: pid 81088 (rsync), uid 65534: exited on signal 11 Since it runs as an untrusted user and I see no evidence of a compromise I assume it's script kiddies trying whatever linux exploit shove-3-K-of-^@'s-in-a-header kind of attack they might have, but the fact that it still causes a seg fault despite upgrading to a supposedly "fixed" version is somewhat concerning. Is anyone else seeing this? I can't recreate what causes the core dump, I suppose doing a tcpdump to see what people are feeding my server is the next step. Brian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020201080635.H14011-100000>