From: Brian Behlendorf (briancollab.net)
Date: Fri Feb 01 2002 - 10:13:24 CST

    So there've been numerous bulletins to bugtraq, etc. about remote
    vulnerabilities in rsync prior to 2.4.6 or so. I saw no FreeBSD-specific
    announcements, however the hole appeared to be pretty generic, so I
    upgraded anyways to the current version in /usr/ports, 2.5.2. Since the
    vulnerability announcements, and both before *and* after my upgrade, I've
    been seeing core dumps from the two public rsync servers I run for
    apache.org.

    Feb 1 07:34:09 daedalus /kernel: pid 81088 (rsync), uid 65534: exited on signal 11

    Since it runs as an untrusted user and I see no evidence of a compromise I
    assume it's script kiddies trying whatever linux exploit
    shove-3-K-of-^'s-in-a-header kind of attack they might have, but the fact
    that it still causes a seg fault despite upgrading to a supposedly "fixed"
    version is somewhat concerning. Is anyone else seeing this? I can't
    recreate what causes the core dump, I suppose doing a tcpdump to see what
    people are feeding my server is the next step.

            Brian
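
An added example, not part of the original post: a parser for the kernel crash notice quoted in the message, which counts crashes per daemon and lists the hours in which they cluster, so a packet capture can be scheduled for those windows. The function names are hypothetical, every sample line except the first is constructed, and the optional "(core dumped)" suffix is assumed from the FreeBSD kernel's usual log format.

```python
import re
from collections import Counter

# Kernel crash notice in the form quoted in the message; "(core dumped)" is optional.
CRASH_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+/kernel:\s+pid\s+(?P<pid>\d+)\s+\((?P<proc>[^)]+)\),\s+"
    r"uid\s+(?P<uid>\d+):\s+exited on signal\s+(?P<sig>\d+)(?P<core>\s+\(core dumped\))?"
)

# Constructed sample: only the first line comes from the message.
SAMPLE_LOG = """\
Feb 1 07:34:09 daedalus /kernel: pid 81088 (rsync), uid 65534: exited on signal 11
Feb 1 07:34:41 daedalus /kernel: pid 81102 (rsync), uid 65534: exited on signal 11
Feb 1 07:35:02 daedalus sshd[411]: Accepted publickey for example from 192.0.2.10
Feb 1 09:12:57 daedalus /kernel: pid 82240 (rsync), uid 65534: exited on signal 11 (core dumped)
Feb 1 11:03:30 daedalus /kernel: pid 90011 (httpd), uid 80: exited on signal 6
"""

def parse_crashes(text):
    """Return one dict per kernel 'exited on signal' line; other lines are skipped."""
    crashes = []
    for line in text.splitlines():
        m = CRASH_RE.match(line.strip())
        if m:
            d = m.groupdict()
            crashes.append({
                "when": f"{d['mon']} {int(d['day']):2d} {d['time']}",
                "host": d["host"], "proc": d["proc"],
                "pid": int(d["pid"]), "uid": int(d["uid"]),
                "signal": int(d["sig"]), "core": d["core"] is not None,
            })
    return crashes

def crash_summary(crashes):
    """Count crashes per (process, uid, signal) to show which daemon keeps dying."""
    return Counter((c["proc"], c["uid"], c["signal"]) for c in crashes)

def busiest_hours(crashes, proc):
    """Hours of day with the most crashes of `proc`: candidate capture windows."""
    return Counter(c["when"][-8:-6] for c in crashes if c["proc"] == proc).most_common()

if __name__ == "__main__":
    found = parse_crashes(SAMPLE_LOG)
    for key, count in crash_summary(found).items():
        print(key, count)
    print("rsync crash hours:", busiest_hours(found, "rsync"))
```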