Date: Fri, 1 Feb 2002 12:53:22 -0500 From: Zvezdan Petkovic <zvezdan@CS.WM.EDU> To: security@FreeBSD.ORG Subject: Re: rsync core dumping? Message-ID: <20020201125322.A19287@corona.cs.wm.edu> In-Reply-To: <20020201080635.H14011-100000@localhost>; from brian@collab.net on Fri, Feb 01, 2002 at 08:13:24AM -0800 References: <20020201080635.H14011-100000@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Feb 01, 2002 at 08:13:24AM -0800, Brian Behlendorf wrote: > > So there've been numerous bulletins to bugtraq, etc. about remote > vulnerabilities in rsync prior to 2.4.6 or so. I saw no FreeBSD-specific > announcements, however the hole appeared to be pretty generic, so I > upgraded anyways to the current version in /usr/ports, 2.5.2. Since the > vulnerability announcements, and both before *and* after my upgrade, I've > been seeing core dumps from the two public rsync servers I run for > apache.org. > > Feb 1 07:34:09 daedalus /kernel: pid 81088 (rsync), uid 65534: exited on signal 11 > > Since it runs as an untrusted user and I see no evidence of a compromise I > assume it's script kiddies trying whatever linux exploit > shove-3-K-of-^@'s-in-a-header kind of attack they might have, but the fact > that it still causes a seg fault despite upgrading to a supposedly "fixed" > version is somewhat concerning. Is anyone else seeing this? I can't > recreate what causes the core dump, I suppose doing a tcpdump to see what > people are feeding my server is the next step. > > Brian > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message I don't know about FreeBSD package since I do not use rsync on my BSD machine, but on the network I maintain Red Hat issued two rsync updates in five days. The first one was the security issue. The second one was a fix because rsync segfaulted and even corrupted file system. FWIW. -- Zvezdan Petkovic <zvezdan@cs.wm.edu> http://www.cs.wm.edu/~zvezdan/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020201125322.A19287>