Bug 58823 (CVE-2004-0792)

Summary: VUL-0: CVE-2004-0792: rsync path-sanitizing bug (security)
Product: [Novell Products] SUSE Security Incidents Reporter: Mads Martin Joergensen <mmj>
Component: IncidentsAssignee: Thomas Biege <thomas>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Critical    
Priority: P3 - Medium CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2004-0792: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Mads Martin Joergensen 2004-08-15 04:56:36 UTC 
http://samba.org/rsync/#security_aug04

"There is a path-sanitizing bug that affects daemon mode in all recent rsync
versions (including 2.6.2) but only if chroot is disabled. It does NOT affect
the normal send/receive filenames that specify what files should be transferred
(this is because these names happen to get sanitized twice, and thus the second
call removes any lingering leading slash(es) that the first call left behind).
It does affect certain option paths that cause auxilliary files to be read or
written."

There's a source-code patch which I've applied to 8.1, 8.2, 9.0 and 9.1 and
submitted for checkin. Patchinfo's are still missing.
Comment 1 Ruediger Oertel 2004-08-16 06:23:07 UTC 
patchinfos are written 
who of sec-team is handling this? please take over this bug ...
Comment 2 Marcus Meissner 2004-08-16 14:10:24 UTC 
Thomas, can you handle this? 
 
we need to get this out today if possible.
Comment 3 Thomas Biege 2004-08-16 20:53:49 UTC 
packages approved.. advisory follows in a few minutes.....
Comment 4 Marcus Meissner 2007-11-30 10:29:46 UTC 
CVE-2004-0792
Comment 5 Thomas Biege 2009-10-13 20:31:46 UTC 
CVE-2004-0792: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)