Re: Rsync

To: Peter Billson <pete@elbnet.com>
Cc: debian-isp@lists.debian.org
Subject: Re: Rsync
From: "Jeremy C. Reed" <reed@wcug.wwu.edu>
Date: Sat, 26 Jan 2002 15:30:00 -0800 (PST)
Message-id: <[🔎] Pine.LNX.4.21.0201261516410.13500-100000@sloth.wcug.wwu.edu>
In-reply-to: <[🔎] 3C52BE34.3085EC78@elbnet.com>

On Sat, 26 Jan 2002, Peter Billson wrote:

>   I just applied the security fix to rsync and now it is dumping core.
> Before I report this as a bug, I thought I'd check to see if anyone else
> is having trouble.

I am now receiving:
 Warning: unexpected read size of 0 in map_ptr

This is with rsync (netbsd package) 2.3.1 (not updated) connecting with
rsync (debian package) 2.3.2-1.3. (Going either way.)

I never use rsync as a daemon. The rsync announcement says "Although this
vulnerability is primarily important for people running rsync daemons, it
is not impossible that a malicious rsync server could use it to attack a
client who connects over either ssh or port 873."

So does this mean that it doesn't really matter if you upgrade if you
don't use a rsync daemon? (Or why would you have a "malicious" rsync
server?)

  Jeremy C. Reed

Reply to:

References:
- Rsync
  - From: Peter Billson <pete@elbnet.com>

Prev by Date: Re: XML - help needed
Next by Date: about new domain name and DNS server
Previous by thread: Re: Rsync
Next by thread: XML - help needed
Index(es):
- Date
- Thread