Bug#453652: rsync: prone to symlink attacks

2008-01-01 Thread Moritz Muehlenhoff
On Fri, Nov 30, 2007 at 02:18:28PM +0100, Paul Slootman wrote: > On Fri 30 Nov 2007, Nico Golde wrote: > > > attached is an NMU proposal to fix this bug just in case you > > have no time to fix this. > > Is this based on upstream's patch? > > > For this I needed to backport the patch cause it w

Bug#453652: rsync: prone to symlink attacks

2007-12-03 Thread Nico Golde
Hi, the following CVE ids were assigned to these vulnerabilities: CVE-2007-6200[0]: | Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable | rsync daemon, allows remote attackers to bypass exclude, exclude_from, and | filter and read or write hidden files via (1) symlink, (

Bug#453652: rsync: prone to symlink attacks

2007-11-30 Thread Nico Golde
Hi Paul, * Paul Slootman <[EMAIL PROTECTED]> [2007-11-30 16:53]: > On Fri 30 Nov 2007, Nico Golde wrote: > > > There is a patch available for 2.6.9 (2.6.9-2etch1 is the current stable > > > version). > > > > http://rsync.samba.org/ftp/rsync/munge-symlinks-2.6.9.diff > > if you mean this patch thi

Bug#453652: rsync: prone to symlink attacks

2007-11-30 Thread Nico Golde
Hi Paul, pressed 'y' too fast so forgot the modified patch. Here it is. Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. diff -Nurad rsync-2.6.9/clientserver.c rsync-2.6.9.new/clientserver.

Bug#453652: rsync: prone to symlink attacks

2007-11-30 Thread Paul Slootman
On Fri 30 Nov 2007, Nico Golde wrote: > > > > There is a patch available for 2.6.9 (2.6.9-2etch1 is the current stable > > version). > > http://rsync.samba.org/ftp/rsync/munge-symlinks-2.6.9.diff > if you mean this patch this at least does not apply to the > unstable version that's why I ported

Bug#453652: rsync: prone to symlink attacks

2007-11-30 Thread Nico Golde
Hi Paul, sorry for the fuckup in the paste of the vulnerability, just saw it in the BTS that it's unformatted. * Paul Slootman <[EMAIL PROTECTED]> [2007-11-30 14:42]: > On Fri 30 Nov 2007, Nico Golde wrote: > > > attached is an NMU proposal to fix this bug just in case you > > have no time to fi

Bug#453652: rsync: prone to symlink attacks

2007-11-30 Thread Paul Slootman
On Fri 30 Nov 2007, Nico Golde wrote: > attached is an NMU proposal to fix this bug just in case you > have no time to fix this. Is this based on upstream's patch? > For this I needed to backport the patch cause it won't apply > with the version in Debian. There is a patch available for 2.6.9

Bug#453652: rsync: prone to symlink attacks

2007-11-30 Thread Nico Golde
Hi, attached is an NMU proposal to fix this bug just in case you have no time to fix this. For this I needed to backport the patch cause it won't apply with the version in Debian. It will be also archived on: http://people.debian.org/~nion/nmu-diff/rsync-2.6.4-6_2.6.4-6.1.patch Kind regards Ni