View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000038||administration||security||public||2003-12-04 11:00||2005-02-23 16:14|
|Summary||0000038: Gentoo exploit vector|
The Gentoo exploit vector appears to have been a crafted rsync exploit
using do_brk() hole in userspace client.
Please [Greg, Lance] confirm that each caosity host you admin has been patched
with the revised 2.4.24 kernel. Obviously all clients which you access caosity
from by SSH (directly or in a chain of connections) also need to be so updated.
I also need to invalidate the installer choice if it is not updated yet.
Finally a lookup from package to package maintainer, so I can find the rsync
maintainer interface is needed. I will RFE separately.
|Tags||No tags attached.|
|Add Greg CC|
|Add Lance to cc|
mirror.caosity.org I have installed updated kernel - needs reboot to load
caosity.org, caosforge.net, temple.caosity.org are vservers that use weird kernel
will need to raise ticket for support
Do I understand that you need local access for that exploit, or is remote anon
rsync vulnerable?
mirror.caosity.org now rebooted and running 2.4.20-24.7
expect lots of stuff from tripwire ...
To avoid the possibility of ssh exploits being exploitable etc, I intend to
firewall ssh on mirror. (and other caos servers) to only be available from
listed static ips.
Please advise static ip to be listed.
Initially restricted to ld,gmk,orc
|Yes: remote anon rsync IS (appears to be) vulnerable in the 12/2003 Gentoo case|
As to IP list, I will advise -- I am going to set up a VPN endpoint which will
appear to be static.
-- Russ Herrold
|long since overtaken by events - closing|