Gentoo Bug 189132 - net-misc/rsync <= 2.6.9-r2 two off-by-one stack overflows (CVE-2007-4091)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	189132
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Tobias Scherbaum <dertobi123@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 189132 depends on:			Show dependency tree
Bug 189132 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2007-08-16 17:16 0000

Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote
attackers to execute arbitrary code via directory names that are not properly
handled when calling the f_name function.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908
http://c-skills.blogspot.com/2007/08/cve-2007-4091.html

Patch available, applies to 2.6.9-r3,
http://www.suse.de/%7Ekrahmer/rsync-2.6.9-fname-obo.diff

------- Comment #1 From Tobias Scherbaum 2007-08-16 17:37:02 0000 -------

Tested the patch applied to 2.6.9-r2, seems to be working fine on the
rsync-Mirror I maintain.

------- Comment #2 From Pierre-Yves Rofes 2007-08-16 21:50:32 0000 -------

Thanks for the report Tobias.
base-system, please bump as necessary.

------- Comment #3 From Stefan Cornelius (RETIRED) 2007-08-21 11:44:25 0000 -------

*** Bug 189694 has been marked as a duplicate of this bug. ***

------- Comment #4 From Roy Marples (RETIRED) 2007-08-22 09:51:51 0000 -------

Patch added to -r3

------- Comment #5 From Sune Kloppenborg Jeppesen 2007-08-22 16:51:05 0000 -------

Arches please test and mark stable. Target keywords are:

rsync-2.6.9-r3.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64
s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"

------- Comment #6 From Tobias Scherbaum 2007-08-22 17:22:38 0000 -------

already stable for ppc

------- Comment #7 From Gustavo Zacarias (RETIRED) 2007-08-22 18:04:24 0000 -------

sparc stable.

------- Comment #8 From Andrej Kacian (RETIRED) 2007-08-22 20:34:11 0000 -------

x86 done

------- Comment #9 From Christoph Mende 2007-08-22 21:34:58 0000 -------

amd64 stable

------- Comment #10 From Jeroen Roovers 2007-08-23 05:15:23 0000 -------

Stable for HPPA.

------- Comment #11 From Raúl Porcel 2007-08-24 15:29:09 0000 -------

alpha/ia64 stable

------- Comment #12 From Markus Rothe 2007-08-29 10:19:17 0000 -------

ppc64 stable

------- Comment #13 From Christian Faulhammer 2007-09-08 22:16:47 0000 -------

All security supported arches done, changing status to [glsa], security your
part.

------- Comment #14 From Pierre-Yves Rofes 2007-09-08 22:32:10 0000 -------

glsa request filed, which makes the 20th draft waiting in the pool... *sigh*

------- Comment #15 From Raphael Marichez 2007-09-20 21:46:32 0000 -------

200709-13 ... be patient :)

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 189132

net-misc/rsync <= 2.6.9-r2 two off-by-one stack overflows (CVE-2007-4091)

Last modified: 2007-09-20 21:46:32 0000