French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Mandriva Security Update Fixes rsync Buffer Overflow Vulnerability

Title : Mandriva Security Update Fixes rsync Buffer Overflow Vulnerability
Advisory ID : FrSIRT/ADV-2008-1201
CVE ID : CVE-2008-1720
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-04-14

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

A vulnerability has been identified in Mandriva, which could be exploited by attackers to cause a denial of service or compromise an affected system [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
015dee0e8b724a60a702aac81194128b 2007.0/i586/rsync-2.6.9-5.2mdv2007.0.i586.rpm
da32538186f22095454d5fd905c43f18 2007.0/SRPMS/rsync-2.6.9-5.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
6c40f172781c4b6e8e29afea66eceda5 2007.0/x86_64/rsync-2.6.9-5.2mdv2007.0.x86_64.rpm
da32538186f22095454d5fd905c43f18 2007.0/SRPMS/rsync-2.6.9-5.2mdv2007.0.src.rpm

Mandriva Linux 2007.1:
c9ca16a3e8d078ff91544bed44adf29a 2007.1/i586/rsync-2.6.9-5.2mdv2007.1.i586.rpm
e2fd457f3d5b29d2e0ff2e90103edf52 2007.1/SRPMS/rsync-2.6.9-5.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
04f27441429d634ac818987560a4c84b 2007.1/x86_64/rsync-2.6.9-5.2mdv2007.1.x86_64.rpm
e2fd457f3d5b29d2e0ff2e90103edf52 2007.1/SRPMS/rsync-2.6.9-5.2mdv2007.1.src.rpm

Mandriva Linux 2008.0:
a94efaeca944875ae05ae4ed6258db87 2008.0/i586/rsync-2.6.9-5.2mdv2008.0.i586.rpm
9b325b104fc1b0252103c1fd7d92b64e 2008.0/SRPMS/rsync-2.6.9-5.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
c1345a5a22eb0b15dc7975cb39ae75d3 2008.0/x86_64/rsync-2.6.9-5.2mdv2008.0.x86_64.rpm
9b325b104fc1b0252103c1fd7d92b64e 2008.0/SRPMS/rsync-2.6.9-5.2mdv2008.0.src.rpm

Mandriva Linux 2008.1:
303269d032057cf2188daa61c5a9514e 2008.1/i586/rsync-3.0.2-0.1mdv2008.1.i586.rpm
4d6d3d0908bd35a4151e9c05b848affc 2008.1/SRPMS/rsync-3.0.2-0.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
de82c38e7c764990cd8cec60907af8d0 2008.1/x86_64/rsync-3.0.2-0.1mdv2008.1.x86_64.rpm
4d6d3d0908bd35a4151e9c05b848affc 2008.1/SRPMS/rsync-3.0.2-0.1mdv2008.1.src.rpm

Corporate 3.0:
0ec10ce483edb010b3fa914de3a249d5 corporate/3.0/i586/rsync-2.6.9-4.2.C30mdk.i586.rpm
03e2cc506c2df32dcecddfc005aaefe9 corporate/3.0/SRPMS/rsync-2.6.9-4.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
242602d0ff175c4ef6a36bcf0f2fc544 corporate/3.0/x86_64/rsync-2.6.9-4.2.C30mdk.x86_64.rpm
03e2cc506c2df32dcecddfc005aaefe9 corporate/3.0/SRPMS/rsync-2.6.9-4.2.C30mdk.src.rpm

Corporate 4.0:
436bcca45d69c4ad6bd662c9554b21b3 corporate/4.0/i586/rsync-2.6.9-4.2.20060mlcs4.i586.rpm
59a9aacffd74793315403ea016e4cd80 corporate/4.0/SRPMS/rsync-2.6.9-4.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
105b47b006fc912edb42fc5ff170b89a corporate/4.0/x86_64/rsync-2.6.9-4.2.20060mlcs4.x86_64.rpm
59a9aacffd74793315403ea016e4cd80 corporate/4.0/SRPMS/rsync-2.6.9-4.2.20060mlcs4.src.rpm

ChangeLog

2008-04-14 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Microsoft Visual Studio "Msmask32" Code Execution Vulnerability

Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)

Microsoft Windows Messenger Data Disclosure (MS08-050)

Microsoft Windows Event System Code Execution (MS08-049)

Microsoft Outlook and Mail Security Bypass Vulnerability (MS08-048)

Microsoft Windows IPsec Policy Data Disclosure Vulnerability (MS08-047)

Microsoft Windows MSCMS Code Execution Vulnerability (MS08-046)

Apple Mac OS X Code Execution and Security Bypass Vulnerabilities

Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities

Apple Xcode Code Execution and Information Disclosure Vulnerabilities

Apple TV Data Processing Remote Code Execution Vulnerabilities

Apple Mac OS X Command Execution and Security Bypass Issues

Apple Safari for Mac OS X Remote Code Execution Vulnerability

Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability

Oracle Products Multiple Code Execution and Security Bypass Issues

Oracle Products Command Execution and SQL Injection Vulnerabilities

Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities

Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability

Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities

Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy