rsync Client Incremental File List Remote Memory Corruption Vulnerability

SSV-ID: 20424
Published: 2011-03-29

Affected Product:

rsync rsync 3.0.2
+ Ubuntu Ubuntu Linux 7.04 sparc
+ Ubuntu Ubuntu Linux 7.04 powerpc
+ Ubuntu Ubuntu Linux 7.04 i386
+ Ubuntu Ubuntu Linux 7.04 amd64
rsync rsync 3.0.1
+ Ubuntu Ubuntu Linux 7.04 sparc
+ Ubuntu Ubuntu Linux 7.04 powerpc
+ Ubuntu Ubuntu Linux 7.04 i386
+ Ubuntu Ubuntu Linux 7.04 amd64
rsync rsync 3.0
+ Ubuntu Ubuntu Linux 7.04 sparc
+ Ubuntu Ubuntu Linux 7.04 powerpc
+ Ubuntu Ubuntu Linux 7.04 i386
+ Ubuntu Ubuntu Linux 7.04 amd64
rsync rsync 2.6.9
+ Ubuntu Ubuntu Linux 7.10 sparc
+ Ubuntu Ubuntu Linux 7.10 powerpc
+ Ubuntu Ubuntu Linux 7.10 i386
+ Ubuntu Ubuntu Linux 7.10 amd64
+ Ubuntu Ubuntu Linux 7.04 sparc
+ Ubuntu Ubuntu Linux 7.04 powerpc
+ Ubuntu Ubuntu Linux 7.04 i386
+ Ubuntu Ubuntu Linux 7.04 amd64
rsync rsync 2.6.8
+ Ubuntu Ubuntu Linux 6.10 sparc
+ Ubuntu Ubuntu Linux 6.10 powerpc
+ Ubuntu Ubuntu Linux 6.10 i386
+ Ubuntu Ubuntu Linux 6.10 amd64
rsync rsync 2.6.7
rsync rsync 2.6.6
+ Ubuntu Ubuntu Linux 6.06 LTS sparc
+ Ubuntu Ubuntu Linux 6.06 LTS powerpc
+ Ubuntu Ubuntu Linux 6.06 LTS i386
+ Ubuntu Ubuntu Linux 6.06 LTS amd64
rsync rsync 2.6.5
rsync rsync 2.6.2
+ OpenPKG OpenPKG 2.1
rsync rsync 2.6.1
rsync rsync 2.6
+ OpenPKG OpenPKG 2.0
rsync rsync 2.5.7
rsync rsync 2.5.6
+ MandrakeSoft Linux Mandrake 9.2
+ MandrakeSoft Linux Mandrake 9.1 ppc
+ MandrakeSoft Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.4
+ OpenBSD OpenBSD 3.3
+ OpenBSD OpenBSD 3.2
+ OpenBSD OpenBSD 3.1
+ OpenBSD OpenBSD 3.0
+ OpenPKG OpenPKG 1.3
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG Current
+ Red Hat Fedora Core1
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ Slackware Linux 9.1
+ Slackware Linux 9.0
rsync rsync 2.5.5
+ Conectiva Linux 9.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Linux Mandrake 9.0
+ S.u.S.E. Linux 8.1
+ Slackware Linux 8.1
rsync rsync 2.5.4
+ Immunix Immunix OS 7.3
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Linux Mandrake 8.1 ia64
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 7.2
+ MandrakeSoft Linux Mandrake 7.1
+ MandrakeSoft Multi Network Firewall 2.0
+ MandrakeSoft Single Network Firewall 7.2
rsync rsync 2.5.3
rsync rsync 2.5.2
+ Immunix Immunix OS 7+
rsync rsync 2.5.1
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
- FreeBSD FreeBSD 4.1
rsync rsync 2.5.0
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
- FreeBSD FreeBSD 4.1
rsync rsync 2.4.8
rsync rsync 2.4.6
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ EnGarde Secure Linux 1.0.1
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Linux Mandrake 8.1 ia64
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 7.2
+ MandrakeSoft Linux Mandrake 7.1
+ MandrakeSoft Single Network Firewall 7.2
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
rsync rsync 2.4.5
rsync rsync 2.4.4
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
rsync rsync 2.4.3
+ Caldera OpenLinux 3.1 -IA64
+ Caldera OpenLinux 2.3
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ Trustix Secure Linux 1.1
rsync rsync 2.4.1
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ Trustix Secure Linux 1.0 1
rsync rsync 2.4.0
rsync rsync 2.3.2 -1.3
rsync rsync 2.3.2 -1.2 sparc
+ Debian Linux 2.2 sparc
rsync rsync 2.3.2 -1.2 PPC
+ Debian Linux 2.2 powerpc
rsync rsync 2.3.2 -1.2 m68k
+ Debian Linux 2.2 68k
rsync rsync 2.3.2 -1.2 intel
+ Debian Linux 2.2 IA-32
rsync rsync 2.3.2 -1.2 ARM
+ Debian Linux 2.2 arm
rsync rsync 2.3.2 -1.2 alpha
+ Debian Linux 2.2 alpha
rsync rsync 2.3.2
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
rsync rsync 2.3.1
+ Caldera OpenLinux eBuilder 3.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
rsync rsync 3.0.0pre6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Desktop 6

Details:

Bugtraq ID: 47064

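rsync is a file synchronization and management tool.
A memory corruption vulnerability exists in the generator process (the receiving side) when incremental recursion is enabled, --delete is enabled, and --owner is disabled. Under these conditions, some generator deep deletion functions temporarily increment file_extra_cnt, a global variable that controls the layout of file_structs in memory, and restore the original value when they finish. The increment is meant to affect only the temporary file lists used to perform the deletion, but it can also affect incremental file list chunks received while these functions are being called, which may then be created in the wrong format. Once the original file_extra_cnt is restored, the value stored in each applicable OPT_EXTRA field appears in the next field listed in rsync.h.
An attacker can set up a malicious rsync server and entice a user to connect to it, which can crash the rsync client or possibly execute arbitrary code in the context of the application.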
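The layout mismatch described above can be reproduced in a small model. This is an added example, not rsync source code and not taken from the advisory: only the name file_extra_cnt comes from the page, while the struct, the accessors, the slot arithmetic and the values 111/222 are constructed for illustration. It shows a record built while the global is temporarily incremented being misread by one field after the global is restored, next to an accessor that records the layout per record.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SLOTS 8

/* Constructed model, not rsync source: optional field `bump` of a record
 * lives at slot (file_extra_cnt + bump), so the global decides the layout. */
static int file_extra_cnt = 1;

struct rec {
    int slots[MAX_SLOTS];
    int created_cnt;            /* layout in force when the record was built */
};

/* Fragile accessor: trusts whatever the global holds right now. */
static int *opt_extra(struct rec *r, int bump) {
    return &r->slots[file_extra_cnt + bump];
}

/* Hardened accessor: uses the layout recorded in the record itself. */
static int *opt_extra_safe(struct rec *r, int bump) {
    return &r->slots[r->created_cnt + bump];
}

static void make_rec(struct rec *r, int a, int b) {
    memset(r, 0, sizeof *r);
    r->created_cnt = file_extra_cnt;
    *opt_extra(r, 0) = a;
    *opt_extra(r, 1) = b;
}

/* Models a deletion helper that bumps the global for its own temporary
 * list while a record for an incoming list chunk is built in the window. */
static void build_during_delete(struct rec *incoming) {
    file_extra_cnt++;
    make_rec(incoming, 111, 222);
    file_extra_cnt--;           /* restored: `incoming` is now misread */
}

int main(void) {
    struct rec r;
    build_during_delete(&r);
    printf("global layout: field0=%d field1=%d\n",
           *opt_extra(&r, 0), *opt_extra(&r, 1));           /* 0 and 111 */
    printf("record layout: field0=%d field1=%d\n",
           *opt_extra_safe(&r, 0), *opt_extra_safe(&r, 1)); /* 111 and 222 */
    return 0;
}
```

With the global-based accessor the value written to field 0 shows up in field 1, which is the one-field shift the advisory describes; tying the layout to the record (or to its owning list) removes the dependency on when the record was created.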

SebugSolutions:

Users can refer to the following vendor security advisory for patch information:
http://gitweb.samba.org/?p=rsync.git;a=commitdiff;h=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6;hp=c8255147b06b74dad940d32f9cef5fbe17595239
@Sebug.net [ 2011-03-31 ]