0000038 | administration | security | public | 2005-02-23 16:14
Status: resolved | Resolution: fixed
Platform: Other | OS: other | OS Version:
Product Version: unspecified
Target Version: | Fixed in Version:
Summary: 0000038: Gentoo exploit vector
Description: Vendor-sec confidential

The Gentoo exploit vector appears to have been a crafted rsync exploit
using the do_brk() hole in the userspace client.

Please [Greg, Lance] confirm that each caosity host you admin has been patched
with the revised 2.4.24 kernel. Obviously all clients from which you access caosity
by SSH (directly or in a chain of connections) also need to be so updated.

I also need to invalidate the installer choice if it is not updated yet.

Finally, a lookup from package to package maintainer is needed, so I can find the rsync
maintainer interface. I will RFE separately.

-- Russ
2003-12-04 11:01

reporter   ~0000143


Add Greg CC


2003-12-04 11:02

reporter   ~0000144


Add Lance to cc

2003-12-04 11:32

reporter   ~0000145


mirror.caosity.org: I have installed the updated kernel; it needs a reboot to load. The vservers that use a weird kernel
will need a ticket raised for support.

Do I understand that you need local access for that exploit, or is remote anon
rsync vulnerable?

2003-12-04 12:02

reporter   ~0000146

now rebooted and running 2.4.20-24.7

expect lots of stuff from tripwire ...

2003-12-04 12:11

reporter   ~0000147


To avoid the possibility of ssh exploits being exploitable, etc., I intend to
firewall ssh on mirror (and other caos servers) to only be available from
listed static IPs.

Please advise the static IP to be listed.

Initially restricted to ld, gmk, orc
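Added example, not from the ticket or its authors: a POSIX shell sketch of the allowlist-only SSH firewall the note above describes. The addresses in SSH_ALLOW are constructed RFC 5737 samples (the ticket names only initials, not IPs); the iptables invocation, the LOG-before-DROP ordering and the DRY_RUN switch are this example's assumptions.

```shell
#!/bin/sh
# Restrict inbound SSH (tcp/22) to an allowlist of static source addresses.
# SSH_ALLOW holds constructed sample addresses; replace with the real static IPs.
SSH_ALLOW="${SSH_ALLOW:-192.0.2.10 198.51.100.20}"
IPT="${IPT:-iptables}"   # assumed path/name of the iptables binary

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255,
# so a typo in the list cannot silently turn into a rule that matches nothing.
valid_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Print one iptables command per line: ACCEPT for each listed address,
# then a LOG rule so denied attempts are visible, then a default DROP.
# Fails (non-zero) without printing the DROP if any address is malformed.
ssh_allowlist_rules() {
  for ip in $SSH_ALLOW; do
    valid_ipv4 "$ip" || { echo "bad address in SSH_ALLOW: $ip" >&2; return 1; }
    echo "$IPT -A INPUT -p tcp --dport 22 -s $ip -j ACCEPT"
  done
  echo "$IPT -A INPUT -p tcp --dport 22 -j LOG --log-prefix 'ssh-denied: '"
  echo "$IPT -A INPUT -p tcp --dport 22 -j DROP"
}

# Apply the rules, or only print them when DRY_RUN is set (assumed switch).
apply_rules() {
  ssh_allowlist_rules | while read -r cmd; do
    if [ -n "$DRY_RUN" ]; then echo "$cmd"; else sh -c "$cmd"; fi
  done
}
```

Run with `DRY_RUN=1 sh script.sh` first and review the printed rules; the LOG rule before the DROP is what lets tripwire-style review later show who was knocking on the closed port.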


2003-12-04 12:15

reporter   ~0000148


Yes: remote anon rsync IS (appears to be) vulnerable in the 12/2003 Gentoo case.


2003-12-04 12:17

reporter   ~0000149


As to IP list, I will advise -- I am going to set up a VPN endpoint which will
appear to be static.

-- Russ Herrold


2005-02-23 16:14

reporter   ~0000150


Long since overtaken by events; closing.

