| GEN:SID | 1:2561 |
| Message | MISC rsync backup-dir directory traversal attempt |
| Summary | This event is generated when an attempt is made to exploit a vulnerability associated with rsync.
|
| Impact | A successful attack may allow files to be existing files to be overwritten or new files created on the rsync server.
|
| Detailed Information | rsync is used to remote copy files. A command line option "--backup-dir" can be used to specify a directory where backup files are to be placed. There is no validation of the argument supplied to this option to scrutinize it for proper formatting. A malicious user can try to overwrite existing files or create new ones on a vulnerable host by supplying a value to "--backup-dir" that is relative to the root directory.
|
| Affected Systems | Many Unix and Linux distributions running rsync. See http://www.securityfocus.com/bid/10247 for affected operating systems.
|
| Attack Scenarios | An attacker can send a rsync command supplying the -backup-dir option with a path relative to the root file system, overwriting or creating new files on the vulnerable host.
|
| Ease of Attack | Simple.
|
| Corrective Action | Upgrade to the latest non-affected version of the software. Run the rsync server in a chroot environment.
|
| Additional References | |
| Rule References | bugtraq: 10247
cve: 2004-0426
nessus: 12230
|