GLSA
Administrator
Joined: 27 Jun 2003
Posts: 4983
Location: Gothenburg, Sweden
|
 Posted: Wed Apr 13, 2005 6:28 pm Post subject: [ GLSA 200504-12 ] rsnapshot: Local privilege escalation |
 |
|
Gentoo Linux Security Advisory
Title: rsnapshot: Local privilege escalation (GLSA 200504-12)
Severity: high
Exploitable: local
Date: April 13, 2005
Updated: December 30, 2007
Bug(s): #88681
ID: 200504-12
Synopsis
rsnapshot allows a local user to take ownership of local files, resulting in privilege escalation.
Background
rsnapshot is a filesystem snapshot utility based on rsync, allowing local and remote systems backups.
Affected Packages
Package: app-backup/rsnapshot
Vulnerable: < 1.2.1
Unaffected: >= 1.2.1
Unaffected: >= 1.1.7 < 1.1.8
Architectures: All supported architectures
Description
The copy_symlink() subroutine in rsnapshot follows symlinks when changing file ownership, instead of changing the ownership of the symlink itself.
Impact
Under certain circumstances, local attackers can exploit this vulnerability to take ownership of arbitrary files, resulting in local privilege escalation.
Workaround
The copy_symlink() subroutine is not called if the cmd_cp parameter has been enabled.
Resolution
All rsnapshot users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose app-backup/rsnapshot |
References
rsnapshot Security Advisory 001
CVE-2005-1064
Last edited by GLSA on Mon Dec 31, 2007 4:17 am; edited 5 times in total |
|
News & Announcements
