Bug 189132 - net-misc/rsync <= 2.6.9-r2 two off-by-one stack overflows (CVE-2007-4091)
Summary: net-misc/rsync <= 2.6.9-r2 two off-by-one stack overflows (CVE-2007-4091)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: A2 [glsa]
Duplicates: 189694
Reported: 2007-08-16 17:16 UTC by Tobias Scherbaum (RETIRED)
Modified: 2020-04-03 06:58 UTC (History)
Description Tobias Scherbaum (RETIRED) gentoo-dev 2007-08-16 17:16:45 UTC
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908
http://c-skills.blogspot.com/2007/08/cve-2007-4091.html

Patch available, applies to 2.6.9-r3, http://www.suse.de/%7Ekrahmer/rsync-2.6.9-fname-obo.diff
Comment 1 Tobias Scherbaum (RETIRED) gentoo-dev 2007-08-16 17:37:02 UTC
Tested the patch applied to 2.6.9-r2, seems to be working fine on the rsync-Mirror I maintain.
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-08-16 21:50:32 UTC
Thanks for the report Tobias.
base-system, please bump as necessary.
Comment 3 Stefan Cornelius (RETIRED) gentoo-dev 2007-08-21 11:44:25 UTC
*** Bug 189694 has been marked as a duplicate of this bug. ***
Comment 4 Roy Marples (RETIRED) gentoo-dev 2007-08-22 09:51:51 UTC
Patch added to -r3
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-08-22 16:51:05 UTC
Arches please test and mark stable. Target keywords are:

rsync-2.6.9-r3.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2007-08-22 17:22:38 UTC
already stable for ppc
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2007-08-22 18:04:24 UTC
sparc stable.
Comment 8 Andrej Kacian (RETIRED) gentoo-dev 2007-08-22 20:34:11 UTC
x86 done
Comment 9 Christoph Mende (RETIRED) gentoo-dev 2007-08-22 21:34:58 UTC
amd64 stable
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2007-08-23 05:15:23 UTC
Stable for HPPA.
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2007-08-24 15:29:09 UTC
alpha/ia64 stable
Comment 12 Markus Rothe (RETIRED) gentoo-dev 2007-08-29 10:19:17 UTC
ppc64 stable
Comment 13 Christian Faulhammer (RETIRED) gentoo-dev 2007-09-08 22:16:47 UTC
All security supported arches done, changing status to [glsa], security your part.
Comment 14 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-08 22:32:10 UTC
glsa request filed, which makes the 20th draft waiting in the pool... *sigh*
Comment 15 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-09-20 21:46:32 UTC
200709-13 ... be patient :)