Update Closes Rsync Vulnerability

Apr 11, 2008

Distributions such as Ubuntu and Debian are currently in the process of issuing updates to their users to remove a problem with the Rsync tool.

The Rsync synchronization tool is vulnerable to a buffer overflow, however, this assumes that the Extended Attribute (xattr) option is enabled. Versions 2.6.9 through 3.0.1 are affected. The new 3.0.2 version resolves the issue. The "rsync --version" command displays the version number and an overview of the program attributes; if you see "xattrs" in the list, your version of Rsync is affected, unless a "no" prefix precedes the "xattrs" entry. The developers have published a links to a pathc on their security page.

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More