WARNING rsync Extremely critical hole found in open source software
Milan Kerslager
milan.kerslager at pslib.cz
Fri Dec 5 12:10:49 CET 2003
On Fri, Dec 05, 2003 at 11:28:25AM +0100, Peter V. (LTS) wrote:
> This news is already a day old, but (perhaps) many who (like me) use rsync
> have only found out now:
>
> A PROBLEM in rsync is likely to have been used to compromise Gentoo, Debian
> and Savannah.
> And security company Secunia is warning it is an "extremely critical" error
> which needs to be fixed immediately.
> The immediate advice is to filter traffic to the rsync service on port
> 873/tcp, letting only trusted systems to connect.
>
> http://www.theinquirer.net/?article=13037
>
> For more info, see Google - there is a lot there.
> The Debian people also have:
>
> debian.org compromise cleanup status
> http://www.wiggy.net/debian/status/
Does anyone still leave a port freely open, rather than allowing entry
only over an SSH connection on the basis of (selected) keys?
Hm... :-)
No - seriously - this is just a pointer to a further measure for those who
need such things for a limited group of people and are now a little afraid
(in addition to the mentioned measure allowing access only from selected machines).
--
Milan Kerslager
E-mail: milan.kerslager at pslib.cz
WWW: http://www.pslib.cz/~kerslage/