Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2561 |
Message | MISC rsync backup-dir directory traversal attempt |
Summary | This event is generated when an attempt is made to exploit a vulnerability associated with rsync. |
Impact | A successful attack may allow files to be existing files to be overwritten or new files created on the rsync server. |
Detailed Information | rsync is used to remote copy files. A command line option "--backup-dir" can be used to specify a directory where backup files are to be placed. There is no validation of the argument supplied to this option to scrutinize it for proper formatting. A malicious user can try to overwrite existing files or create new ones on a vulnerable host by supplying a value to "--backup-dir" that is relative to the root directory. |
Affected Systems | Many Unix and Linux distributions running rsync. See http://www.securityfocus.com/bid/10247 for affected operating systems. |
Attack Scenarios | An attacker can send a rsync command supplying the -backup-dir option with a path relative to the root file system, overwriting or creating new files on the vulnerable host. |
Ease of Attack | Simple. |
Corrective Action | Upgrade to the latest non-affected version of the software. Run the rsync server in a chroot environment. |
Additional References | |
Rule References | bugtraq: 10247 cve: 2004-0426 nessus: 12230 |
--
DID:315053
--
http://www.aanval.com/