• info
• discussion
• exploit
• solution
• references

Rsync 'xattr' Support Integer Overflow Vulnerability

Solution:
This issue has been fixed in rsync 3.0.2. Please see the references for more information.


rsync rsync 3.0.0pre6

• rsync rsync-3.0.1-xattr-alloc.diff
  http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff

cwRsync cwRsync 2.1

• cwRsync cwRsync 2.1.3
  http://www.itefix.no/phpws/index.php?module=linkman&LMN_op=visitLink&L MN_id=1

cwRsync cwRsync 2.1.1

• cwRsync cwRsync 2.1.3
  http://www.itefix.no/phpws/index.php?module=linkman&LMN_op=visitLink&L MN_id=1

cwRsync cwRsync 2.1.2

• cwRsync cwRsync 2.1.3
  http://www.itefix.no/phpws/index.php?module=linkman&LMN_op=visitLink&L MN_id=1

rsync rsync 2.6.9

• rsync rsync-3.0.1-xattr-alloc.diff
  http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff


• Ubuntu rsync_2.6.9-3ubuntu1.2_amd64.deb
  amd64 architecture (Athlon64, Opteron, EM64T Xeon) - Ubuntu 7.04
  http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-3ubunt u1.2_amd64.deb


• Ubuntu rsync_2.6.9-3ubuntu1.2_i386.deb
  i386 architecture (x86 compatible Intel/AMD) - Ubuntu 7.04
  http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-3ubunt u1.2_i386.deb


• Ubuntu rsync_2.6.9-3ubuntu1.2_powerpc.deb
  powerpc architecture (Apple Macintosh G3/G4/G5) - Ubuntu 7.04
  http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-3ubunt u1.2_powerpc.deb


• Ubuntu rsync_2.6.9-3ubuntu1.2_sparc.deb
  sparc architecture (Sun SPARC/UltraSPARC) - Ubuntu 7.04
  http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-3ubunt u1.2_sparc.deb


• Ubuntu rsync_2.6.9-5ubuntu1.1_amd64.deb
  amd64 architecture (Athlon64, Opteron, EM64T Xeon) - Ubuntu 7.10
  http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-5ubunt u1.1_amd64.deb


• Ubuntu rsync_2.6.9-5ubuntu1.1_i386.deb
  i386 architecture (x86 compatible Intel/AMD) - Ubuntu 7.10
  http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-5ubunt u1.1_i386.deb


• Ubuntu rsync_2.6.9-5ubuntu1.1_powerpc.deb
  powerpc architecture (Apple Macintosh G3/G4/G5) - Ubuntu 7.10
  http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-5ubunt u1.1_powerpc.deb


• Ubuntu rsync_2.6.9-5ubuntu1.1_sparc.deb
  sparc architecture (Sun SPARC/UltraSPARC) - Ubuntu 7.10
  http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-5ubunt u1.1_sparc.deb

rsync rsync 3.0

• rsync rsync-3.0.1-xattr-alloc.diff
  http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff

rsync rsync 3.0.1

• rsync rsync-3.0.1-xattr-alloc.diff
  http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff