Update Closes Rsync Vulnerability
Apr 11, 2008
Distributions such as Ubuntu and Debian are currently in the process of issuing updates to their users to remove a problem with the Rsync tool.
The Rsync synchronization tool is vulnerable to a buffer overflow, however, this assumes that the Extended Attribute (xattr) option is enabled. Versions 2.6.9 through 3.0.1 are affected. The new 3.0.2 version resolves the issue. The "rsync --version" command displays the version number and an overview of the program attributes; if you see "xattrs" in the list, your version of Rsync is affected, unless a "no" prefix precedes the "xattrs" entry. The developers have published a links to a pathc on their security page.