Linux Today: Linux News On Internet Time.
Search Linux Today
search.internet.com
Linux News Sections: Blog - Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Preferences
Contribute
Link to Us
Search
Linux Jobs

Become a Marketplace Partner

internet.commerce
Be a Commerce Partner














The Linux Channel at internet.com
Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Technology Jobs

JustTechJobs.com

LinuxToday Newsletters
Subscribe News
Subscribe PR
Subscribe Security

internet.com
IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

 

Current Newswire:

Extending Nautilus, Scripting Your Way To UI Bliss

Check Your Mysql Server Performance with MySQLTuner

The Growth of the Newest Kubuntu Support Option

Linux Game "System of Tomorrow" Ships in Two Weeks

Anonymous Proxy Using Squid 3 On CentOS 5.x

Install and Configure Cacti Monitoring Tool in Ubuntu 8.10 (Intrepid Ibex) Server

SimplyMEPIS: The Best Desktop Linux You Haven't Tried

Planning Extensions in TYPO3

How the Linux Kernel Manages Virtual Memory

Make Your BIOS Love Security

Sr. Developer, Backend
Professional Technical Resources
US-OR-Portland

Justtechjobs.com Post A Job | Post A Resume
:Netwosix Linux Advisory: rsync
Netwosix Linux Advisory: rsync
Aug 17, 2004, 19 :29 UTC (0 Talkback[s]) (1662 reads)

Netwosix Linux Security Advisory #2004-0017 <http://www.netwosix.org>

Package name: rsync
Summary: Exposure of System Information
Date: 2004-08-17
Affected versions: Netwosix 1.0 Netwosix 1.1

Package description:

rsync is an open source utility that provides fast incremental file transfer. rsync is freely available under the GNU General Public License version 2

Problem description:

There is a path-sanitizing bug that affects daemon mode in all recent rsync versions (including 2.6.2) but only if chroot is disabled. It does NOT affect the normal send/receive filenames that specify what files should be transferred (this is because these names happen to get sanitized twice, and thus the second call removes any lingering leading slash(es) that the first call left behind). It does affect certain option paths that cause auxilliary files to be read or written.

Action:

We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location:

You can download the latest version of this package in NEPOTE format from: <http://download.netwosix.org/0017/nepote>

Nepote Update

See this instructions to update the port of this package:

# cd $somewhere
# wget http://download.netwosix.org/0017/nepote
# sh nepote (to install the new and updated package)

References

Specific references for this advisory:
http://samba.org/rsync/#security_aug04

About Linux Netwosix:

Linux Netwosix is a powerful and optimized Linux distribution for servers and Network Security related jobs. It can also be used for special operations such as penetration testing with its big collection of security oriented software and sources. It's a light distribution created for the requirements of every SysAdmin and it's very portable and highly configurable. Our philosophy is to give greater liberty for configuration to the SysAdmin. Only in this way can he/she configure a powerful and stable server machine. Linux Netwosix also has a powerful ports system (Nepote) similar to the xBSD systems but more flexible and usable.

Questions?

Check out our mailing lists:
<http://www.netwosix.org/mailing.html>

The advisory itself is available at
<http://www.netwosix.org/adv17.html>

MD5sums of the packages:

a9769682900f49755934f0def030153a 0017/nepote

Complete Story



No talkbacks posted.
  Home | Search Talkbacks | Customize View    Top of Page  



Enter your comments below:

* Your Name:

* Your Email Address:

* Subject:

CC: [will also send this talkback to an E-Mail address]

* Comments:

Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content.

Fields marked with * are required!






..............................


All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux, Apache and PHP

internet.comearthweb.comDevx.commediabistro.comGraphics.com

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, Permissions, Privacy Policy.
Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Solutions

Whitepapers and eBooks

Microsoft PDF: Top 11 Reasons to Upgrade to Windows Server 2008
Intel Podcast Transcript: Talking vPro
Avaya Article: Communication-Enabled Mashups: Empowering Both Business Owners and IT
Whitepaper: Building a Real-World Model to Assess Virtualization Platforms
PDF: Intel Centrino Duo Processor Technology with Intel Core2 Duo Processor
Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape?
Go Parallel Article: Q&A with a TBB Junkie
Microsoft Article: BitLocker Encryption on Windows Server 2008
Go Parallel Article: Intel Thread Checker, Meet 20 Million LOC
IBM Whitepaper: Innovative Collaboration to Advance Your Business
   Internet.com eBook: Real Life Rails
IBM eBook: The Pros and Cons of Outsourcing
Internet.com eBook: Best Practices for Developing a Web Site
IBM CXO Whitepaper: The 2008 Global CEO Study "The Enterprise of the Future"
Avaya Article: Call Control XML in Action - A CCXML Auto Attendant
IBM CXO Whitepaper: Unlocking the DNA of the Adaptable Workforce--The Global Human Capital Study 2008
Adobe Acrobat Connect Pro: Web Conferencing and eLearning Whitepapers
HP eBook: Storage Networking , Part 1
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Podcast: The Pro Platform - Intel vPro Technology
Go Parallel Video: Intel(R) Threading Building Blocks: A New Method for Threading in C++
HP Video: Is Your Data Center Ready for a Real World Disaster?
Microsoft Partner Portal Video: Microsoft Gold Certified Partners Build Successful Practices
HP On Demand Webcast: Virtualization in Action
Go Parallel Video: Performance and Threading Tools for Game Developers
   Rackspace Hosting Center: Customer Videos
Intel vPro Developer Virtual Bootcamp
HP Disaster-Proof Solutions eSeminar
HP On Demand Webcast: Discover the Benefits of Virtualization
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Amyuni Download: PDF & XPS Engine for Your .NET and ActiveX Applications
Acresso Download: Try InstallShield 2009
Microsoft Download: Silverlight 2 SDK
30-Day Trial: SPAMfighter Exchange Module
   Red Gate Download: SQL Toolbelt
Iron Speed Designer Application Generator
Microsoft Download: Silverlight 2 Developer Runtime (Windows)
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Demo: Dual-Core Intel Itanium 2 Processor
IBM IT Innovation Article: Green Servers Provide a Competitive Advantage
   Microsoft Article: Making Designer/Developer Collaboration a Reality
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES