|
|
|
|
|
|
Digg |
|
|
|
A critical vulnerability has been discovered in the Rsync file synchronization tool.
An error in the "f_name()" function in the "flist.c" source code file can lead to a stack-based buffer overflow when faced with over length directory names. Under unfavorable circumstances an attacker might be able to execute arbitrary code. The vulnerability, which has been assigned the CVE ID CVE-2007-4091, affects Rsync version 2.6.9 and possibly others. The issue was discovered by Sebastian Krahmer from the Suse Security Team, and disclosed in Krahmer's blog.
An initial update and a patch that removes the vulnerability are already available. Users of Suse Linux can update using the online updater. Users with other systems can patch the source code and build a fix. Users that do not have either of these options are advised to restrict use of Rsync to trusted environments.
|
|
|
| Get your backstage pass to Linux! |
|---|
|
If you're ready for a deeper look, Linux Magazine gives you a view behind the scenes. Don't miss out on the tools, tutorials, and reviews you'll need to unlock the secrets of Linux. |
Comments