
Patch fixes flaw behind Gentoo attack

Matthew Broersma ZDNet.co.uk

Published: 05 Dec 2003 12:50 GMT


The team responsible for Rsync, an open-source file-transfer program, has released a fix for a security flaw used in the recent compromise of a Gentoo Linux project server.

The team said that the attacker used a flaw in Rsync along with a recently announced bug in the Linux kernel to penetrate the security of the Gentoo machine, which was subsequently taken offline for analysis. Debian Linux project servers were recently compromised using the same Linux kernel flaw, which allows an integer overflow in a system call. This problem has been repaired in a patched version of the Linux kernel.

Rsync is a file transfer program for Unix systems that is tailored for transfers of incremental software changes -- for example, it can be set up to transfer only modified parts of a file, rather than the entire file.

The attack and compromise of Gentoo's server came after several machines belonging to the Debian Linux project were breached by attackers last month. A forensic analysis of the Debian machines revealed no software packages or source code offered for download were affected -- a claim now being made by Gentoo. Gentoo and Debian are both distributions of the open-source operating system based on the Linux kernel, which is highly popular for servers.

The flaw in Rsync versions 2.5.6 and earlier cannot be used on its own to remotely gain administrator, or root, access to an Rsync server, but could be used with the kernel flaw for a full remote compromise -- as was apparently the case with Gentoo's Rsync server. Gentoo's compromised server used a configuration option that made the attack easier, the Rsync team said. The exploit does not work unless Rsync is being used as a server.

Users are advised to upgrade immediately to the fixed version of Rsync, version 2.5.7, to upgrade to a version of the Linux kernel later than 2.4.23, and to turn off the "use chroot = no" option in Rsync. Instructions and Rsync patches are available from Rsync's Web site.
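An administrator could check an Rsync server against this advice with a short audit like the following, an added example that is not part of the original article or the Rsync project's code. It assumes global settings are the lines before the first `[module]` header and that `use chroot` defaults to on; the function names and the sample configuration are constructed for illustration.

```python
import re

FIXED_RSYNC = (2, 5, 7)              # fixed release named in the article
FALSE_VALUES = {"no", "false", "0"}  # boolean spellings that disable an option

def modules_without_chroot(conf_text):
    """Return the modules whose effective 'use chroot' setting is off."""
    global_off = False   # assumption: chroot is on unless the file disables it
    modules = {}         # module name -> True/False if set explicitly, else None
    current = None       # None while still in the global section
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
            modules[current] = None
            continue
        name, sep, value = line.partition("=")
        # Compare names ignoring case and internal whitespace.
        if not sep or re.sub(r"\s+", "", name).lower() != "usechroot":
            continue
        off = value.strip().lower() in FALSE_VALUES
        if current is None:
            global_off = off
        else:
            modules[current] = off
    # A module without its own setting inherits the global one.
    return sorted(n for n, off in modules.items()
                  if (global_off if off is None else off))

def rsync_is_fixed(version):
    """True if a version string such as '2.5.6' is at least 2.5.7."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts >= FIXED_RSYNC

# Constructed sample rsyncd.conf: chroot disabled globally, one module re-enables it.
SAMPLE_CONF = """\
use chroot = no
[portage]
    path = /srv/portage
[distfiles]
    path = /srv/distfiles
    Use Chroot = yes
[incoming]
    path = /srv/incoming
    use chroot = false
"""

if __name__ == "__main__":
    print("modules running without chroot:", modules_without_chroot(SAMPLE_CONF))
    print("2.5.6 fixed?", rsync_is_fixed("2.5.6"))
```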
