In association with heise online

11 April 2008, 11:29

Security hole closed in rsync file transfer tool

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The developers of the rsync file transfer tool have released version 3.0.2 to close a security hole. A buffer overflow related to the extended attributes (xattr) is said to allow attackers to remotely inject and execute arbitrary code on vulnerable systems. Although versions 2.6.9 to 3.0.1 of rsync are generally affected, the xattr function is not supported by default on all systems.

An update resolves the problem. Users running an rsync daemon may alternatively also enter the refuse options = xattrs option in the /etc/rsyncd.conf file, or add this option to the already existing ones. Linux distributors have already released updated packages.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit