Re: rsync security advisory

2003-12-04 Thread Paul Slootman
On Thu 04 Dec 2003, Martin Pool wrote: - rsync version 2.5.6 contains a heap overflow vulnerability that can be used to remotely run arbitrary code. Is this specific to 2.5.6, or are earlier versions also vulnerable? Important detail, as it makes the difference between needing to upgrade

Re: [rsync-announce] rsync security advisory

2003-12-04 Thread Daemian Mack
[EMAIL PROTECTED] wrote: rsync 2.5.6 security advisory - December 4th 2003 Background -- The rsync team has received evidence that a vulnerability in rsync was recently used in combination with a Linux kernel vulnerability to compromise the security of a public

Re: rsync security advisory

2003-12-04 Thread Paul Slootman
On Thu 04 Dec 2003, Paul Haas wrote: On Thu 04 Dec 2003, Martin Pool wrote: - rsync version 2.5.6 contains a heap overflow vulnerability that can be used to remotely run arbitrary code. Is this specific to 2.5.6, or are earlier versions also vulnerable? Important detail, as it

Re: rsync security advisory

2003-12-04 Thread Paul Haas
On Thu, 4 Dec 2003, Paul Slootman wrote: Date: Thu, 4 Dec 2003 11:34:44 +0100 From: Paul Slootman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: rsync security advisory On Thu 04 Dec 2003, Martin Pool wrote: - rsync version 2.5.6 contains a heap overflow vulnerability that can

Re: [SECURITY] [DSA 404-1] New rsync packages fix unauthorised remote code execution

2003-12-04 Thread Paul Slootman
The following announcement was made by the Debian security team: Paul Slootman Date: Thu, 4 Dec 2003 17:09:35 +0100 (CET) To: Debian Security Announcements [EMAIL PROTECTED] From: Martin Schulze [EMAIL PROTECTED] Subject: [SECURITY] [DSA 404-1] New rsync packages fix unauthorised remote code

Re: [Linux-ME] daily backup (incremental backup ) - SOLVED

2003-12-04 Thread Bipinchandra Ranpura
Dear Manoj, Have found out the mistake in my script. One must create directory if he/she wants to move old files to backup directory. In my script I was not creating any new backup-dir(datewise), therefore despite of have -b --backup-dir flags it was not working. This means rsync can only

Re: rsync / ssh -i

2003-12-04 Thread Martin Pool
On 4 Dec 2003, Michael [EMAIL PROTECTED] wrote: I know that with ssh I can issue the -i command to use a different identity. Is there anyway to use the -i command with rsync and ssh? Thank you. Use the IdentityFile and Host keywords in your ssh_config: Host suzy-alt-key HostName

CVS update: rsyncweb

2003-12-04 Thread Martin Pool
Date: Thu Dec 4 10:59:33 2003 Author: mbp Update of /data/cvs/rsyncweb In directory dp.samba.org:/tmp/cvs-serv18506 Modified Files: index.html Log Message: Clarify that the problem is with 2.5.6 *and earlier*. Add CVE index. Revisions: index.html 1.17 = 1.18