Martin Spott writes:
> I assume you already read this:
> 
> # rsync version 2.5.6 contains a heap overflow vulnerability that can
>   be used to remotely run arbitrary code.
> # While this heap overflow vulnerability could not be used by itself to
>   obtain root access on a rsync server, it could be used in combination
>   with the recently announced brk vulnerability in the Linux kernel to
>   produce a full remote compromise.
> # The server that was compromised was using a non-default rsyncd.conf
>   option "use chroot = no". The use of this option made the attack on
>   the compromised server considerably easier. A successful attack is
>   almost certainly still possible without this option, but it would be
>   much more difficult.
> 
> 
> I hope we won't run into trouble with our public rsync-server(s).
> Hello Curt ;-)))

Yes, hopefully we will (or have) not run into any trouble.  In theory
both the rsync and kernel issues should all be patched.  (keeping my
fingers crossed ...)

ftp.flightgear.org is still rebooting ... /dev/hdh1 (120Gb) has gone
204 days without being checked, check forced ... might be another hour
or two ... :-)

Curt.
-- 
Curtis Olson   HumanFIRST Program               FlightGear Project
Twin Cities    curt 'at' me.umn.edu             curt 'at' flightgear.org
Minnesota      http://www.flightgear.org/~curt  http://www.flightgear.org

_______________________________________________
Flightgear-devel mailing list
[EMAIL PROTECTED]
http://mail.flightgear.org/mailman/listinfo/flightgear-devel
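
Added example (not part of the original messages and not rsync's own code): a small Python check for the `use chroot = no` setting that the quoted advisory says made the attack easier. It reports modules whose effective setting is off, including ones that inherit a global default; the sample configuration and module names are constructed, and the parsing is simplified (no line continuations).

```python
import re

FALSE_VALUES = {"no", "false", "0"}  # boolean spellings meaning "off"

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONF = """\
uid = nobody
use chroot = no
[pub]
path = /srv/pub
[archive]
path = /srv/archive
use chroot = yes
[mirror]
path = /srv/mirror
Use Chroot = False
"""

def modules_without_chroot(conf_text):
    """Return sorted module names whose effective 'use chroot' is off.

    A value set before the first [module] is a default that modules inherit.
    If unset everywhere, chroot counts as on (the advisory calls "no" non-default).
    """
    global_off = False
    current = None   # None while in the global section
    effective = {}   # module name -> True when chroot is disabled
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
            effective[current] = global_off  # inherit the global default
            continue
        name, sep, value = line.partition("=")
        # Assumption: parameter names compare ignoring case and whitespace.
        if not sep or re.sub(r"\s+", "", name).lower() != "usechroot":
            continue
        off = value.strip().lower() in FALSE_VALUES
        if current is None:
            global_off = off
        else:
            effective[current] = off
    return sorted(m for m, off in effective.items() if off)

if __name__ == "__main__":
    print(modules_without_chroot(SAMPLE_CONF))
```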
