rsync: Potential integer overflow — GLSA 200605-05

An attacker having write access to an rsync module might be able to execute arbitrary code on an rsync server.

Affected packages

net-misc/rsync on all architectures
Affected versions < 2.6.8
Unaffected versions >= 2.6.8

Background

rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree.

Description

An integer overflow was found in the receive_xattr function from the extended attributes patch (xattr.c) for rsync. The vulnerable function is only present when the "acl" USE flag is set.

Impact

A remote attacker with write access to an rsync module could craft malicious extended attributes which would trigger the integer overflow, potentially resulting in the execution of arbitrary code with the rights of the rsync daemon.

Workaround

Do not provide write access to an rsync module to untrusted parties.

Resolution

All rsync users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/rsync-2.6.8"

References

Release date
May 06, 2006

Latest revision
May 06, 2006: 01

Severity
high

Exploitable
remote

Bugzilla entries