WARNING rsync Extremely critical hole found in open source software

Milan Kerslager milan.kerslager at pslib.cz
Friday, December 5 12:10:49 CET 2003


On Fri, Dec 05, 2003 at 11:28:25AM +0100, Peter V. (LTS) wrote:
> This news is already a day old, but (perhaps) many rsync users (like me)
> have only found out now:
> 
> A PROBLEM in rsync is likely to have been used to compromise Gentoo, Debian
> and Savannah.
> And security company Secunia is warning it is an "extremely critical" error
> which needs to be fixed immediately.
> The immediate advice is to filter traffic to the rsync service on port
> 873/tcp, letting only trusted systems to connect.
> 
> http://www.theinquirer.net/?article=13037
> 
> For more info, google it - there is plenty out there.
> The Debian folks also have:
> 
> debian.org compromise cleanup status
> http://www.wiggy.net/debian/status/

Is anyone really still leaving the port freely open, without restricting
access to SSH connections based on (selected) keys?

Hm... :-)

No - seriously - this is just a pointer to an additional measure for those
who need such things for a limited group of people and are now a little
worried (in addition to the mentioned measure of allowing access only from
selected machines).

-- 
                        Milan Kerslager
                        E-mail: milan.kerslager at pslib.cz
                        WWW:    http://www.pslib.cz/~kerslage/
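
Added example, not part of the original thread: the advice quoted above is to let only trusted systems reach the rsync service, and besides a port 873/tcp filter, an rsync daemon has its own `hosts allow` parameter in `rsyncd.conf`. The script below lists modules that no `hosts allow` line covers; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag rsyncd.conf modules that have no "hosts allow" ACL.
# Module names, paths and addresses below are constructed sample data.

sample_conf() {
cat <<'EOF'
# constructed rsyncd.conf for the example
uid = nobody

[mirror]
path = /srv/mirror
read only = yes

[staging]
path = /srv/staging
Hosts  Allow = 192.0.2.10 192.0.2.11

[upload]
path = /srv/upload
hosts deny = 203.0.113.0/24
EOF
}

# Print every module reachable by any host: neither the module nor the
# global section (lines before the first [module]) sets "hosts allow".
open_modules() {
    awk '
    function report() { if (mod != "" && !allow && !global_allow) print mod }
    /^[ \t]*#/ { next }
    /^[ \t]*$/ { next }
    /^[ \t]*\[/ {
        report()
        mod = $0; sub(/^[ \t]*\[/, "", mod); sub(/\].*$/, "", mod)
        allow = 0; next
    }
    {
        eq = index($0, "="); if (!eq) next
        # compare names ignoring case and whitespace
        name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (name == "hostsallow" && val != "") {
            if (mod == "") global_allow = 1; else allow = 1
        }
    }
    END { report() }
    ' "$@"
}

sample_conf | open_modules   # prints: mirror, upload (one per line)
```

Run against a real configuration as `open_modules /etc/rsyncd.conf`; a module with only `hosts deny` is still reported because every host not listed can connect.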

