CVE-2004-0426
CVSS5.0
发布时间 :2004-07-07 00:00:00
修订时间 :2016-10-17 22:45:18
NMCOS    

[原文]rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.


[CNNVD]RSync配置模块路径穿越漏洞(CNNVD-200407-020)

        
        rsync是一款用于服务器同步的程序。
        rsync server在使用读/写模块时不使用'chroot'选项时不充分过滤路径信息,远程攻击者可以利用这个漏洞使rsync写文件到配置模块路径限制之外的位置上。
        目前没有详细漏洞细节提供。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:967rsync Path Sanitation Vulnerability
oval:org.mitre.oval:def:9495rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to ...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0426
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0426
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200407-020
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=108515912212018&w=2
(UNKNOWN)  BUGTRAQ  20040521 [OpenPKG-SA-2004.025] OpenPKG Security Advisory (rsync)
http://rsync.samba.org/
(VENDOR_ADVISORY)  CONFIRM  http://rsync.samba.org/
http://www.ciac.org/ciac/bulletins/o-134.shtml
(UNKNOWN)  CIAC  O-134
http://www.ciac.org/ciac/bulletins/o-212.shtml
(UNKNOWN)  CIAC  O-212
http://www.debian.org/security/2004/dsa-499
(VENDOR_ADVISORY)  DEBIAN  DSA-499
http://www.gentoo.org/security/en/glsa/glsa-200407-10.xml
(UNKNOWN)  GENTOO  GLSA-200407-10
http://www.mandriva.com/security/advisories?name=MDKSA-2004:042
(UNKNOWN)  MANDRAKE  MDKSA-2004:042
http://www.redhat.com/support/errata/RHSA-2004-192.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:192
http://www.securityfocus.com/bid/10247
(UNKNOWN)  BID  10247
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.403462
(UNKNOWN)  SLACKWARE  SSA:2004-124-01
http://www.trustix.net/errata/misc/2004/TSL-2004-0024-rsync.asc.txt
(UNKNOWN)  TRUSTIX  TSL-2004-0024
http://xforce.iss.net/xforce/xfdb/16014
(UNKNOWN)  XF  rsync-write-files(16014)

- 漏洞信息

RSync配置模块路径穿越漏洞
中危 访问验证错误
2004-07-07 00:00:00 2006-08-22 00:00:00
远程  
        
        rsync是一款用于服务器同步的程序。
        rsync server在使用读/写模块时不使用'chroot'选项时不充分过滤路径信息,远程攻击者可以利用这个漏洞使rsync写文件到配置模块路径限制之外的位置上。
        目前没有详细漏洞细节提供。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 使用'chroot'模式:
        "use chroot = yes"
        厂商补丁:
        Debian
        ------
        
        http://www.debian.org/security/2004/dsa-499

        rsync
        -----
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        rsync Upgrade rsync-2.6.1.tar.gz
        
        http://rsync.samba.org/ftp/rsync/rsync-2.6.1.tar.gz

- 漏洞信息

5731
rsync Traversal Arbitrary File Creation
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- 漏洞描述

A remote unchecked input exists in rsync. The program fails to check write inputs resulting in file write access outside the intended path. With a specially crafted request, an attacker can write files outside the module path, resulting in a loss of integrity.

- 时间线

2004-04-29 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2.6.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Run rsync in a chroot environment.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

RSync Configured Module Path Escaping Vulnerability
Access Validation Error 10247
Yes No
2004-04-26 12:00:00 2009-07-12 04:07:00
This vulnerability was disclosed by the vendor.

- 受影响的程序版本

rsync rsync 2.6
+ OpenPKG OpenPKG 2.0
rsync rsync 2.5.7
rsync rsync 2.5.6
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.4
+ OpenBSD OpenBSD 3.3
+ OpenBSD OpenBSD 3.2
+ OpenBSD OpenBSD 3.1
+ OpenBSD OpenBSD 3.0
+ OpenPKG OpenPKG 1.3
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG Current
+ Red Hat Fedora Core1
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ Slackware Linux 9.1
+ Slackware Linux 9.0
rsync rsync 2.5.5
+ Conectiva Linux 9.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux 8.1
+ Slackware Linux 8.1
rsync rsync 2.5.4
+ Immunix Immunix OS 7.3
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Multi Network Firewall 2.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
rsync rsync 2.5.3
rsync rsync 2.5.2
+ Immunix Immunix OS 7+
rsync rsync 2.5.1
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
- FreeBSD FreeBSD 4.1
rsync rsync 2.5 .0
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
- FreeBSD FreeBSD 4.1
rsync rsync 2.4.8
rsync rsync 2.4.6
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ EnGarde Secure Linux 1.0.1
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
rsync rsync 2.4.5
rsync rsync 2.4.4
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
rsync rsync 2.4.3
+ Caldera OpenLinux 3.1 -IA64
+ Caldera OpenLinux 2.3
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ Trustix Secure Linux 1.1
rsync rsync 2.4.1
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ Trustix Secure Linux 1.0 1
rsync rsync 2.4 .0
rsync rsync 2.3.2 -1.3
rsync rsync 2.3.2 -1.2 sparc
+ Debian Linux 2.2 sparc
rsync rsync 2.3.2 -1.2 PPC
+ Debian Linux 2.2 powerpc
rsync rsync 2.3.2 -1.2 m68k
+ Debian Linux 2.2 68k
rsync rsync 2.3.2 -1.2 intel
+ Debian Linux 2.2 IA-32
rsync rsync 2.3.2 -1.2 ARM
+ Debian Linux 2.2 arm
rsync rsync 2.3.2 -1.2 alpha
+ Debian Linux 2.2 alpha
rsync rsync 2.3.2
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
rsync rsync 2.3.1
+ Caldera OpenLinux eBuilder 3.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
RedHat Linux Advanced Work Station 2.1
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1
RedHat Desktop 3.0
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1
Mandriva Linux Mandrake 10.0
Mandriva Linux Mandrake 9.2 amd64
Mandriva Linux Mandrake 9.2
Mandriva Linux Mandrake 9.1 ppc
Mandriva Linux Mandrake 9.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Conectiva Linux 10.0
Conectiva Linux 9.0
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.2.8
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.2.8
rsync rsync 2.6.1

- 不受影响的程序版本

rsync rsync 2.6.1

- 漏洞讨论

If an rsync server is installed as a daemon with a read/write enabled module without using the 'chroot' option, it is possible that a remote attacker could write files outside of the configure module path. Rsync does not properly sanitize the paths when not running with chroot.

The result is that attackers may potentially write files to the system, resulting in various consequences such as execution of arbitrary code or denial of service.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <vuldb@securityfocus.com>.

- 解决方案

The vendor has released an upgraded version of rsync. Install version 2.6.1 or later.

Trustix has released advisory 2004-0024 along with fixes dealing
with this issue. Please see the referenced advisory for more information
and details on obtaining fixes.

Debian has released an advisory (DSA 499-1) and fixes for this issue. See the referenced advisory for links to fixed packages.

Slackware has released an advisory (SSA:2004-124-01) and fixes for this issue. See the referenced advisory for links to fixed packages.

Mandrake has released an advisory (MDKSA-2004:042) and fixes for this issue. See the referenced advisory for links to fixed packages.

Red Hat has released an advisory (RHSA-2004:192-06) and fixes for this issue. See the referenced advisory for links to fixed packages.

OpenPKG has release an advisory (OpenPKG-SA-2004.025) for this issue. Please see the referenced advisory for more information and details on obtaining fixes.

Silicon Graphics has released advisory 20040509-01-U and fixes dealing with this and other issues for SGI ProPack 3. Please see the referenced advisory for more information.

Silicon Graphics has released advisory 20040508-01-U and fixes dealing with this and other issues for SGI ProPack 2.4. Please see the referenced advisory for more information.

Debian has released an updated advisory (DSA 499-2) addressing this issue. The updated advisory contains an additional fix related to this issue. Please see the referenced advisory for more information.

RedHat has released an advisory (FEDORA-2004-116) to address this issue in Fedora Core 1. Please see the referenced advisory for more information.

Gentoo has released an advisory that includes updates for this issue. Updates may be applied with the following commands:
emerge sync
emerge -pv ">=net-misc/rsync-2.6.0-r2"
emerge ">=net-misc/rsync-2.6.0-r2"

Apple has released an advisory (APPLE-SA-0024-09-07) along with fixes to address this, and many other issues. Please see the referenced advisory for further information.

RedHat has released a Fedora legacy advisory (FLSA:2003) to address various issues in rsync. This advisory fixes these issues in Red Hat Linux 7.3 and 9 running on the i386 architecture. Please see the referenced advisory for more details and information about obtaining fixes.

Contectiva Linux has released advisory CLA-2004:881 along with fixes dealing with this issue. Please see the referenced advisory for more information.


Apple Mac OS X 10.2.8

Apple Mac OS X Server 10.2.8

Apple Mac OS X 10.3.4

Apple Mac OS X Server 10.3.4

Apple Mac OS X Server 10.3.5

Apple Mac OS X 10.3.5

MandrakeSoft Multi Network Firewall 2.0

MandrakeSoft Corporate Server 2.1

MandrakeSoft Corporate Server 2.1 x86_64

rsync rsync 2.3.1

rsync rsync 2.3.2 -1.2 sparc

rsync rsync 2.3.2

rsync rsync 2.3.2 -1.2 ARM

rsync rsync 2.3.2 -1.2 m68k

rsync rsync 2.3.2 -1.3

rsync rsync 2.3.2 -1.2 alpha

rsync rsync 2.3.2 -1.2 PPC

rsync rsync 2.3.2 -1.2 intel

rsync rsync 2.4 .0

rsync rsync 2.4.1

rsync rsync 2.4.3

rsync rsync 2.4.4

rsync rsync 2.4.5

rsync rsync 2.4.6

rsync rsync 2.4.8

rsync rsync 2.5 .0

rsync rsync 2.5.1

rsync rsync 2.5.2

rsync rsync 2.5.3

rsync rsync 2.5.4

rsync rsync 2.5.5

rsync rsync 2.5.6

rsync rsync 2.5.7

rsync rsync 2.6

Mandriva Linux Mandrake 9.1 ppc

Mandriva Linux Mandrake 9.1

Mandriva Linux Mandrake 9.2

Mandriva Linux Mandrake 9.2 amd64

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站