CVE-2003-0962
CVSS 7.5
Published: 2003-12-15 00:00:00
Revised: 2016-10-17 22:38:32

[Original] Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.


[CNNVD] rsync service remote heap corruption vulnerability (CNNVD-200312-042)

        
        rsync is a program for synchronizing files between servers.
        The rsync service contains a heap corruption flaw; a remote attacker can exploit it to execute arbitrary commands on the system with the privileges of the rsync process.
        The heap overflow is undisclosed in detail but can be used for remote code execution. Exploiting it does not directly yield administrator privileges; combined with the recent do_brk() kernel vulnerability (CVE-2003-0961, fixed in Linux 2.4.23), however, it can be used to obtain root. If the server uses the non-default rsyncd.conf option "use chroot = no", the attack is easier to carry out.
        The rsync service listens on port 873 by default.
        

- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/o:slackware:slackware_linux:9.1  Slackware Linux 9.1
cpe:/o:slackware:slackware_linux:8.1  Slackware Linux 8.1
cpe:/o:slackware:slackware_linux:9.0  Slackware Linux 9.0
cpe:/a:redhat:rsync:2.4.6-5::ia64
cpe:/o:engardelinux:secure_community:1.0.1  Engarde Secure Community 1.0.1
cpe:/a:andrew_tridgell:rsync:2.4.8
cpe:/o:engardelinux:secure_community:2.0  Engarde Secure Community 2.0
cpe:/a:andrew_tridgell:rsync:2.4.6
cpe:/a:andrew_tridgell:rsync:2.5.5
cpe:/a:andrew_tridgell:rsync:2.5.6
cpe:/o:slackware:slackware_linux:current
cpe:/a:redhat:rsync:2.5.5-4::i386
cpe:/a:redhat:rsync:2.4.6-5::i386
cpe:/a:redhat:rsync:2.5.4-2::i386
cpe:/a:redhat:rsync:2.5.5-1::i386
cpe:/a:redhat:rsync:2.4.6-2::i386
cpe:/o:engardelinux:secure_linux:1.1::professional
cpe:/o:engardelinux:secure_linux:1.2::professional
cpe:/o:engardelinux:secure_linux:1.5::professional
cpe:/a:andrew_tridgell:rsync:2.4.4
cpe:/a:andrew_tridgell:rsync:2.5.3
cpe:/a:andrew_tridgell:rsync:2.4.5
cpe:/a:andrew_tridgell:rsync:2.5.4
cpe:/a:andrew_tridgell:rsync:2.5.1
cpe:/a:andrew_tridgell:rsync:2.4.3
cpe:/a:andrew_tridgell:rsync:2.5.2
cpe:/a:andrew_tridgell:rsync:2.3.1
cpe:/a:andrew_tridgell:rsync:2.4.0
cpe:/a:andrew_tridgell:rsync:2.3.2
cpe:/a:andrew_tridgell:rsync:2.4.1
cpe:/a:andrew_tridgell:rsync:2.5.0

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9415  Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibl...
*OVAL describes in detail how to detect this vulnerability; see the related OVAL definition for more technical detail on detection.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0962
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0962
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200312-042
(official data source) CNNVD

- Other links and resources

ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U
(UNKNOWN)  SGI  20031202-01-U
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794
(UNKNOWN)  CONECTIVA  CLA-2003:794
http://marc.info/?l=bugtraq&m=107055681311602&w=2
(UNKNOWN)  BUGTRAQ  20031204 rsync security advisory (fwd)
http://marc.info/?l=bugtraq&m=107055684711629&w=2
(UNKNOWN)  TRUSTIX  2003-0048
http://marc.info/?l=bugtraq&m=107055702911867&w=2
(UNKNOWN)  BUGTRAQ  20031204 [OpenPKG-SA-2003.051] OpenPKG Security Advisory (rsync)
http://marc.info/?l=bugtraq&m=107056923528423&w=2
(UNKNOWN)  BUGTRAQ  20031204 GLSA: exploitable heap overflow in rsync (200312-03)
http://www.kb.cert.org/vuls/id/325603
(UNKNOWN)  CERT-VN  VU#325603
http://www.mandriva.com/security/advisories?name=MDKSA-2003:111
(UNKNOWN)  MANDRAKE  MDKSA-2003:111
http://www.redhat.com/support/errata/RHSA-2003-398.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2003:398
http://www.securityfocus.com/bid/9153
(VENDOR_ADVISORY)  BID  9153
http://xforce.iss.net/xforce/xfdb/13899
(VENDOR_ADVISORY)  XF  linux-rsync-heap-overflow(13899)

- Vulnerability information

rsync service remote heap corruption vulnerability
High  Boundary condition error
2003-12-15 00:00:00  2006-08-22 00:00:00
Remote

- Advisories and patches

        Vendor patches:
        rsync
        -----
        The vendor recommends that users running the rsync service:
        1. Upgrade rsync to version 2.5.7 immediately.
        2. If running a kernel older than 2.4.23, upgrade to the latest release or apply the corresponding patch.
        3. Check the /etc/rsyncd.conf configuration file; if "use chroot = no" is set, change it to "use chroot = yes" to reduce exposure.
        Version 2.5.7 is available from:
        
        http://rsync.samba.org/
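A check for the three remediation steps above, written as an added example for this page (it is not code from the rsync project or from any vendor advisory). It assumes the `rsync --version` banner has the form `rsync  version 2.5.6  protocol version 26`, that `uname -r` yields a dotted version such as `2.4.22`, and that rsyncd.conf follows the documented syntax of `[module]` sections, `key = value` lines and `#` comment lines (treating `;` as a comment marker is an extra assumption). The `use chroot` check honours rsyncd's default of yes and lets a module-level setting override the global one, since a global "use chroot = yes" does not protect a module that turns it off. The sample configuration embedded in the block is constructed for the example.

```python
"""Audit helpers for the rsync 2.5.7 advisory: rsync version, kernel
version, and the effective 'use chroot' setting per rsyncd module.
Added example, not rsync project code."""
import re
import subprocess

RSYNC_FIXED = (2, 5, 7)    # first rsync release without the heap overflow
KERNEL_FIXED = (2, 4, 23)  # first 2.4 kernel with the do_brk() fix (CVE-2003-0961)

# Constructed sample rsyncd.conf for the example; not taken from a real host.
SAMPLE_CONF = """\
# global section: applies to every module unless overridden
uid = nobody
gid = nobody
use chroot = no

[pub]
    path = /srv/pub
    read only = yes

[backup]
    path = /srv/backup
    use chroot = yes

[scratch]
    path = /tmp/scratch
"""


def parse_dotted_version(text):
    """Return the first a.b.c version in text as an int tuple.
    Works on 'rsync  version 2.5.6  protocol version 26' and '2.4.22-smp'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no dotted version in %r" % text)
    return tuple(int(x) for x in m.groups())


def rsync_is_vulnerable(version_output):
    """True when the rsync binary predates 2.5.7 (step 1)."""
    return parse_dotted_version(version_output) < RSYNC_FIXED


def kernel_needs_do_brk_fix(uname_r):
    """True for 2.4 kernels older than 2.4.23 (step 2).
    Only the 2.4 series is judged: the advisory names 2.4.23 as the fix."""
    v = parse_dotted_version(uname_r)
    return v[:2] == (2, 4) and v < KERNEL_FIXED


def parse_rsyncd_conf(text):
    """Split rsyncd.conf into (global_params, {module: params}).
    Keys are lower-cased with whitespace collapsed; '#'/';' lines are comments."""
    global_params, modules = {}, {}
    current = global_params
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        section = re.match(r"\[(.+)\]$", line)
        if section:
            current = modules.setdefault(section.group(1).strip(), {})
            continue
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        current[" ".join(key.lower().split())] = value.strip()
    return global_params, modules


def _disabled(value):
    return value.strip().lower() in ("no", "false", "0")


def modules_without_chroot(conf_text):
    """Names of modules whose effective 'use chroot' is off (step 3).
    rsyncd defaults to yes; a module-level value overrides the global one."""
    global_params, modules = parse_rsyncd_conf(conf_text)
    global_off = _disabled(global_params.get("use chroot", "yes"))
    weak = []
    for name, params in modules.items():
        if "use chroot" in params:
            if _disabled(params["use chroot"]):
                weak.append(name)
        elif global_off:
            weak.append(name)
    return weak


def _run(cmd):
    try:
        return subprocess.run(cmd, capture_output=True, text=True).stdout
    except OSError:
        return ""  # binary missing: nothing to judge


def audit_host(conf_path="/etc/rsyncd.conf"):
    """Run all three checks on the live host and return a list of findings."""
    findings = []
    rsync_out = _run(["rsync", "--version"])
    if rsync_out and rsync_is_vulnerable(rsync_out):
        findings.append("rsync older than 2.5.7: " + rsync_out.splitlines()[0])
    uname_r = _run(["uname", "-r"])
    if uname_r and kernel_needs_do_brk_fix(uname_r):
        findings.append("kernel %s lacks the do_brk() fix (need >= 2.4.23)" % uname_r.strip())
    try:
        with open(conf_path) as fh:
            conf = fh.read()
    except OSError:
        return findings  # no rsyncd.conf: daemon mode is not configured here
    for name in modules_without_chroot(conf):
        findings.append("module [%s] runs with 'use chroot = no'" % name)
    return findings


if __name__ == "__main__":
    print("sample modules without chroot:", modules_without_chroot(SAMPLE_CONF))
    for finding in audit_host():
        print("FINDING:", finding)
```

Run against the sample, `modules_without_chroot` reports `pub` and `scratch` (both inherit the global `no`) but not `backup`, which re-enables chroot locally. Note that the chroot check only reduces exposure: the page's own description says the overflow may allow escaping the chroot jail, so step 1 (upgrading to 2.5.7) is the actual fix and steps 2 and 3 are defence in depth.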

- Vulnerability information

2898
rsync Unspecified Remote Heap Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Commercial Vendor Verified, Uncoordinated Disclosure, Discovered in the Wild

- Vulnerability description

Due to an unspecified boundary error in the rsync server, a remote attacker can execute remote commands via a heap overflow. If exploited, the attacker could run commands as the same UID the rsync server runs under.

- Timeline

2003-12-04 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.5.7 or higher, as it has been reported to fix this vulnerability. Disabling the rsync server service completely is a temporary workaround.

- References

- Credit

Unknown or Incomplete

- Vulnerability information

RSync Daemon Mode Undisclosed Remote Heap Overflow Vulnerability
Boundary Condition Error 9153
Yes No
2003-12-04 12:00:00 2009-07-12 12:56:00
Discovery credited to Timo Sirainen, Mike Warfield, Paul Russell, and Andrea Barisani.

- Affected program versions

Sun Cobalt RaQ XTR
Sun Cobalt RaQ 4
Sun Cobalt Qube 3
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
SGI ProPack 2.3
rsync rsync 2.5.6
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.4
+ OpenBSD OpenBSD 3.3
+ OpenBSD OpenBSD 3.2
+ OpenBSD OpenBSD 3.1
+ OpenBSD OpenBSD 3.0
+ OpenPKG OpenPKG 1.3
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG Current
+ Red Hat Fedora Core1
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ Slackware Linux 9.1
+ Slackware Linux 9.0
rsync rsync 2.5.5
+ Conectiva Linux 9.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux 8.1
+ Slackware Linux 8.1
rsync rsync 2.5.4
+ Immunix Immunix OS 7.3
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Multi Network Firewall 2.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
rsync rsync 2.5.3
rsync rsync 2.5.2
+ Immunix Immunix OS 7+
rsync rsync 2.5.1
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
- FreeBSD FreeBSD 4.1
rsync rsync 2.5.0
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
- FreeBSD FreeBSD 4.1
rsync rsync 2.4.8
rsync rsync 2.4.6
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ EnGarde Secure Linux 1.0.1
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
rsync rsync 2.4.5
rsync rsync 2.4.4
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
rsync rsync 2.4.3
+ Caldera OpenLinux 3.1 -IA64
+ Caldera OpenLinux 2.3
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ Trustix Secure Linux 1.1
rsync rsync 2.4.1
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ Trustix Secure Linux 1.0 1
rsync rsync 2.4.0
rsync rsync 2.3.2
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
rsync rsync 2.3.1
+ Caldera OpenLinux eBuilder 3.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
RedHat rsync-2.5.5-4.i386.rpm
+ RedHat Linux 9.0 i386
RedHat rsync-2.5.5-1.i386.rpm
+ RedHat Linux 8.0 i386
RedHat rsync-2.5.4-2.i386.rpm
+ RedHat Linux 7.3 i386
RedHat rsync-2.4.6-5.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat rsync-2.4.6-5.i386.rpm
+ RedHat Linux 7.2 i386
RedHat rsync-2.4.6-2.i386.rpm
+ RedHat Linux 7.1 i386
Red Hat Fedora Core1
EnGarde Secure Professional 1.5
EnGarde Secure Professional 1.2
EnGarde Secure Professional 1.1
EnGarde Secure Community 2.0
EnGarde Secure Community 1.0.1
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.2.8
Apple Mac OS X 10.3.2
Apple Mac OS X 10.2.8
rsync rsync 2.5.7

- Unaffected program versions

rsync rsync 2.5.7

- Discussion

rsync has been reported to be prone to an undisclosed heap overflow vulnerability when running in daemon mode. The issue is reported to be remotely exploitable and to allow execution of arbitrary code.

- Exploit

There is evidence of an exploit for this issue circulating in the wild, however this exploit has not been made public.

- Solution

Sun have released a fix to address this issue in the Sun Cobalt RaQ XTR. The fix is linked below.

Sun have released fixes to address this issue in Sun Cobalt RaQ4 and Qube 3 products. Fixes are linked below.

Immunix has released an advisory and fixes to address this issue.

Mandrake has released an advisory that includes fixes to address this issue.

Red Hat Linux has released an advisory (FEDORA-2003-030) and fixes to address this issue in Fedora Core 1. Affected users are advised to apply appropriate fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

Red Hat Linux has released an advisory (RHSA-2003:399-06) to address this issue in Enterprise systems. Affected customers are advised to apply appropriate fixes from the Red Hat Network as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

Red Hat Linux has released an advisory (RHSA-2003:398-01) and fixes to address this issue. Affected users are advised to apply appropriate fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

Gentoo Linux has released an advisory (200312-03) to address this issue. Gentoo have advised that users upgrade to version 2.5.7 of rsync. Users can accomplish this by typing:
emerge sync;
emerge >=net-misc/rsync-2.5.7

EnGarde has released an advisory (ESA-20031204-032) with fixes to address this issue. Guardian Digital Secure Network subscribers may update affected packages using the WebTool. See referenced advisory for additional details.

Slackware has released Slackware Linux Security Advisory SSA:2003-337-01 with fixes to address this issue.

Advisory OpenPKG-SA-2003.051 has been released by The OpenPKG Project to address this issue.

Debian has released advisory DSA 404-1 to address this issue.

Trustix advisory #2003-0048 has been released with fixes for this issue. See references for additional details.

SuSE Security Announcement SuSE-SA:2003:050 has been released with fixes for this issue.

Conectiva has released an advisory and fixes to address this issue.

OpenBSD has made a fixed version available.

TurboLinux has released a security advisory to address this issue. Affected users are advised to execute the following commands:

# turbopkg

OR

For zabom-1.x

# zabom update rsync

For zabom-2.x

# zabom -u rsync

Additional TurboLinux information is available in the referenced advisory.

rsync version 2.5.7 has been released to resolve these issues.

SGI has released a security advisory 20031202-01-U with fixes for SGI ProPack v2.3 for the Altix family of systems. Please see the referenced advisory for more information.

Apple has released advisories to fix this issue in Apple Jaguar for Mac OS X 10.2.8 and Mac OS X Server 10.2.8 and Panther for Mac OS X 10.3.2 and Mac OS X Server 10.3.2. Please see referenced advisories for more details about obtaining fixes.

SCO has released advisory CSSA-2004-010.0 dealing with this issue. For more information please see the referenced advisory.


- References

About the SCAP Chinese Community

The SCAP Chinese Community is the first Chinese-language open community in China devoted to SCAP. For more information, see [About this site].

Copyright notice

CVE/CWE/OVAL are registered trademarks of MITRE Corporation; their official data sources are maintained on MITRE's websites.