From owner-freebsd-security Fri Feb 1 10:37: 3 2002 Delivered-To: freebsd-security@freebsd.org Received: from tomts5-srv.bellnexxia.net (tomts5.bellnexxia.net [209.226.175.25]) by hub.freebsd.org (Postfix) with ESMTP id 6FECC37B41D for ; Fri, 1 Feb 2002 10:36:49 -0800 (PST) Received: from khan.anarcat.dyndns.org ([65.94.186.7]) by tomts5-srv.bellnexxia.net (InterMail vM.4.01.03.16 201-229-121-116-20010115) with ESMTP id <20020201183647.NHEN3155.tomts5-srv.bellnexxia.net@khan.anarcat.dyndns.org>; Fri, 1 Feb 2002 13:36:47 -0500 Received: from shall.anarcat.dyndns.org (shall.anarcat.dyndns.org [192.168.0.1]) by khan.anarcat.dyndns.org (Postfix) with ESMTP id 4EB73198F; Fri, 1 Feb 2002 13:36:32 -0500 (EST) Received: by shall.anarcat.dyndns.org (Postfix, from userid 1000) id 9DF8220ACA; Fri, 1 Feb 2002 13:36:32 -0500 (EST) Date: Fri, 1 Feb 2002 13:36:31 -0500 From: The Anarcat To: Zvezdan Petkovic Cc: security@FreeBSD.ORG Subject: Re: rsync core dumping? Message-ID: <20020201183631.GG324@shall.anarcat.dyndns.org> References: <20020201080635.H14011-100000@localhost> <20020201125322.A19287@corona.cs.wm.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="BghK6+krpKHjj+jk" Content-Disposition: inline In-Reply-To: <20020201125322.A19287@corona.cs.wm.edu> User-Agent: Mutt/1.3.25i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --BghK6+krpKHjj+jk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi. An advisory is underway for the rsync port. The 2.5.1_1 is not vulnerable to the problem described in http://www.mandrakesecure.net/en/advisories/2002/MDKSA-2002-009.php 2.5.2 also contains the fix. A,=20 On Fri Feb 01, 2002 at 12:53:22PM -0500, Zvezdan Petkovic wrote: > On Fri, Feb 01, 2002 at 08:13:24AM -0800, Brian Behlendorf wrote: > >=20 > > So there've been numerous bulletins to bugtraq, etc. about remote > > vulnerabilities in rsync prior to 2.4.6 or so. I saw no FreeBSD-specif= ic > > announcements, however the hole appeared to be pretty generic, so I > > upgraded anyways to the current version in /usr/ports, 2.5.2. Since the > > vulnerability announcements, and both before *and* after my upgrade, I'= ve > > been seeing core dumps from the two public rsync servers I run for > > apache.org. --BghK6+krpKHjj+jk Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: Pour information voir http://www.gnupg.org iEYEARECAAYFAjxa4C4ACgkQttcWHAnWiGc6lQCfV2v1n22plkXggB8gi92iD6wf 9VoAn000J0xl3A/7NBChFCIvFLXQ5ziK =56p9 -----END PGP SIGNATURE----- --BghK6+krpKHjj+jk-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message