Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 189132

Summary: net-misc/rsync <= 2.6.9-r2 two off-by-one stack overflows (CVE-2007-4091)
Product: Gentoo Security Reporter: Tobias Scherbaum (RETIRED) <dertobi123>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: base-system, bernd, fauli, gentoo, grag, ks, rajiv, wschlich
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Tobias Scherbaum (RETIRED) gentoo-dev 2007-08-16 17:16:45 UTC 
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908
http://c-skills.blogspot.com/2007/08/cve-2007-4091.html

Patch available, applies to 2.6.9-r3, http://www.suse.de/%7Ekrahmer/rsync-2.6.9-fname-obo.diff
Comment 1 Tobias Scherbaum (RETIRED) gentoo-dev 2007-08-16 17:37:02 UTC 
Tested the patch applied to 2.6.9-r2, seems to be working fine on the rsync-Mirror I maintain.
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-08-16 21:50:32 UTC 
Thanks for the report Tobias.
base-system, please bump as necessary.
Comment 3 Stefan Cornelius (RETIRED) gentoo-dev 2007-08-21 11:44:25 UTC 
*** Bug 189694 has been marked as a duplicate of this bug. ***
Comment 4 Roy Marples (RETIRED) gentoo-dev 2007-08-22 09:51:51 UTC 
Patch added to -r3
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-08-22 16:51:05 UTC 
Arches please test and mark stable. Target keywords are:

rsync-2.6.9-r3.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2007-08-22 17:22:38 UTC 
already stable for ppc
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2007-08-22 18:04:24 UTC 
sparc stable.
Comment 8 Andrej Kacian (RETIRED) gentoo-dev 2007-08-22 20:34:11 UTC 
x86 done
Comment 9 Christoph Mende (RETIRED) gentoo-dev 2007-08-22 21:34:58 UTC 
amd64 stable
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2007-08-23 05:15:23 UTC 
Stable for HPPA.
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2007-08-24 15:29:09 UTC 
alpha/ia64 stable
Comment 12 Markus Rothe (RETIRED) gentoo-dev 2007-08-29 10:19:17 UTC 
ppc64 stable
Comment 13 Christian Faulhammer (RETIRED) gentoo-dev 2007-09-08 22:16:47 UTC 
All security supported arches done, changing status to [glsa], security your part.
Comment 14 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-08 22:32:10 UTC 
glsa request filed, which makes the 20th draft waiting in the pool... *sigh*
Comment 15 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-09-20 21:46:32 UTC 
200709-13 ... be patient :)