ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Patch fixes flaw behind Gentoo attack

Matthew Broersma ZDNet.co.uk

Published: 05 Dec 2003 12:50 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The team responsible for Rsync, an open-source file-transfer program, has released a fix for a security flaw used in the recent compromise of a Gentoo Linux project server.

The team said that the attacker used a flaw in Rsync along with a recently-announced bug in the Linux kernel to penetrate the security of the Gentoo machine, which was subsequently taken offline for analysis. Debian Linux project servers were recently compromised using the same Linux kernel flaw, which allows an integer overflow in the system call. This problem has been repaired in a patched version of the Linux kernel.

Rsync is a file transfer program for Unix systems that is tailored for transfers of incremental software changes -- for example, it can be set up to transfer only modified parts of a file, rather than the entire file.

The attack and compromise of Gentoo's server came after several machines belonging to the Debian Linux project were breached by attackers last month. A forensic analysis of the Debian machines revealed no software packages or source code offered for download were affected -- a claim now being made by Gentoo. Gentoo and Debian are both distributions of the open-source operating system based on the Linux kernel, which is highly popular for servers.

The flaw in Rsync versions 2.5.6 and earlier cannot be used on its own to remotely gain administrator, or root, access to a Rsync server, but could be used with the kernel flaw for a full remote compromise -- as was apparently the case with Gentoo's Rsync server. Gentoo's compromised server used a configuration option that made the attack easier, the Rsync team said. The exploit does not work unless Rsync is being used as a server.

Users are recommended to immediately upgrade to the fixed version of Rsync, version 2.5.7, upgrade to a version of the Linux kernel later than 2.4.23, and turn off the "use chroot = no" option in Rsync. Instructions and Rsync patches are available from Rsync's Web site.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Kyocera

Did you find this article useful?
78 out of 169 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:







Related Jobs

Internet Team Leader

Qualifications Knowledge and skills required: - Extensive knowledge of Linux platforms, ideally Debian. To ensure that all Linux related SLA/KPI ...

Are you a Linux Systems Administrator wanting a challenge?

You will need good experience with the following technologies: - Linux/Unix Systems Administration - Redhat, Solaris, Debian, Gentoo, HP-UX - Perl, ...

Linux Administartor - Redhat, Linux, Debian - Somerset

The idea candidate will have a skill set to include as many of the following: Linux (RHEL 3-5, Gentoo, Debian, Unix, Firewalls, Samba and Scripting ...

Featured Talkback

What was achieved there is recognised to be of fundamental importance to both winning the war (Churchill visited to say 'thank you' to them) and the development of the computer. Maybe Bill Gates doesn't want to support this museum because it underlines where electronic computing started i.e. here, not the U.S.

By: 1000103773

Read full story:
Bletchley Park faces bleak future

Sentry Posts Blog

Biometric devices. Do you need one?

When saying “biometrics” I am not thinking about law enforcement, AFIS systems, national ID and visa projects. I first think about personal solutions that will make my life easier.... More

1 comment

Barracuda launches counter-suit agains...

Court cases are never pleasant or simple. The ongoing battle between security companies Trend Micro and Barracuda Networks took a new twist on Wednesday, when Barracuda launched a counter-suit... More

Post a comment

Mobile Speed Demon: Wireless Surpasses...

Mobile Speed Demon: Wireless Surpasses Landline Author: Eric Everson, Founder MyMobiSafe.com As I look around my house and throughout my network of friends, I instantly realize... More

Post a comment

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers