Re: Rsync
On Sat, 26 Jan 2002, Peter Billson wrote:
> I just applied the security fix to rsync and now it is dumping core.
> Before I report this as a bug, I thought I'd check to see if anyone else
> is having trouble.
I am now receiving:
Warning: unexpected read size of 0 in map_ptr
This is with rsync (netbsd package) 2.3.1 (not updated) connecting with
rsync (debian package) 2.3.2-1.3. (Going either way.)
I never use rsync as a daemon. The rsync announcement says "Although this
vulnerability is primarily important for people running rsync daemons, it
is not impossible that a malicious rsync server could use it to attack a
client who connects over either ssh or port 873."
So does this mean that it doesn't really matter if you upgrade if you
don't use a rsync daemon? (Or why would you have a "malicious" rsync
server?)
Jeremy C. Reed
Reply to:
- References:
- Rsync
- From: Peter Billson <pete@elbnet.com>