Freedom The Open Source Way Contribute Articles or News to OSForgeOSForge HomeLogout from Forums
Contacting OSForgeOSForge HomeAbout OSForge
  

Root
 Contribute News
 Learning Corner
 Linux Distributions
 Linux Common FAQ's
 Discussion Forums
Community Gallery
Links Directory
Search OSForge
Networking
 Industry Updates
 Linux & Open Source
 Opinions
 Press Release
 Programming
 Security
 Web Development
White Paper
Plat'Home Unveils Winners of “Will Linux Work?” Contest
Zenoss Core Recognized as Best Open Source Network Monitoring Solution
LinMin™ Joins Intel® Certified Software Solutions Program
xTuple™ ERP 3.0 Wins “Best Business Application” At LinuxWorld Conference & Exp
Holland Computing Center - Rocks+Moab Provides Windows/Linux Cluster Solution
LogMeIn Launches Mobile Plug-in for Linux
FuseMail Selects Funambol’s Open Source Push Email and PIM Sync Solution
Zenoss Expands IT Management Solution for Managed Service Providers
Moab Workload Manager Claims Title as World’s First Petaflop Scheduler

View More

Caldera Advisory: rsync supplementary groups
By : Eric Lim [www] Find more article by Eric Lim on Security
Friday the 5th, April 2002 at 01:11 AM (EST)
Send this Story to a Friend Readers TalkBack (0) - 366 Reads

Printer Friendly Page Printable format
Send this Story to a Friend Foward to Email

Caldera Advisory: rsync supplementary groups

1. Problem Description

        Supplementary groups to which the rsync daemon belongs (such as
        root) were not removed from the server process before it performed
        work as an unprivileged uid and gid. The rsync daemon was also
        compiled with a vulnerable version of the zlib library. This
        package corrects both these issues.


2. Vulnerable Supported Versions

        System                          Package
        -----------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to rsync-2.5.0-5.i386.rpm/
                                        prior to rsync-2.5.0-5.src.rpm/

        OpenLinux 3.1.1 Workstation     prior to rsync-2.5.0-5.i386.rpm/
                                        prior to rsync-2.5.0-5.src.rpm/


3. Solution

        The proper solution is to install the latest packages.

4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

        2c8f978df12dabf073361c86f7012210        rsync-2.5.0-5.i386.rpm/

        4.2 Installation

        Install the packages with the following sequence:
               
                rpm -Fvh
                        rsync-2.5.0-5.i386.rpm/
               
        4.3 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

        bffd618c0ad88252b35c33ac821253ad        rsync-2.5.0-5.src.rpm/


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

        2c8f978df12dabf073361c86f7012210        rsync-2.5.0-5.i386.rpm/

        5.2 Installation

        Install the packages with the following sequence:
               
                rpm -Fvh
                        rsync-2.5.0-5.i386.rpm/
               
        5.3 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

        bffd618c0ad88252b35c33ac821253ad        rsync-2.5.0-5.src.rpm/


6. References

        Specific references for this advisory:
                none


        Caldera OpenLinux security resources:
                http://www.caldera.com/support/security/index.html

        Caldera UNIX security resources:
                http://stage.caldera.com/support/security/

        This security fix closes Caldera incidents sr862089, fz520415,
        and erg711995.


7. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on this website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera products.


8. Acknowledgements

        Ethan Benson discovered and researched this vulnerability.

____________________________________________________________________________


--pf9I7BMVVzbSWLtt
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjyrmgoACgkQbluZssSXDTEVcQCg9uiPgzgfPvPXkxJwm1HOXfd5
LAAAn1SreMOXu8Dur7Du2Fg/Z53yyTqr
=hkLL
-----END PGP SIGNATURE-----

--pf9I7BMVVzbSWLtt--



  
Reader Rating from 1-5

 

Poor very 
1
2
3
4
5 		 very Excellent

Talkback

Post Your Talkback | View All Talkback (0 Posted)

 Currently there are no Talkback posted on "Caldera Advisory: rsync supplementary groups", Click here to be the first to post a talkback.

 
Scroll Up

   About | Term of Use | Privacy | Contact us | Tell a Friend | Advertise  

 OSForge News RSS Feed