Support / Security / Advisories / Mandrakelinux 10.0 / MDKSA-2005:100

Package name: rsh
Date: 2005-06-14
Advisory ID: MDKSA-2005:100
Affected versions: 10.2 x86_64 , CS2.1 x86_64 , 10.0 amd64 , 10.2 i586 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

A vulnerability in the rcp protocol was discovered that allows a server to instruct a client to write arbitrary files outside of the current directory, which could potentially be a security concern if a user used rcp to copy files from a malicious server. The updated packages have been patched to correct this problem.

Updated packages

10.2 x86_64

 7d9fd388f7fefa1e454b9d938befcfdc  x86_64/10.2/RPMS/rsh-0.17-13.1.102mdk.x86_64.rpm
decb83a56d54b9d6310f4e1f2aefe555  x86_64/10.2/RPMS/rsh-server-0.17-13.1.102mdk.x86_64.rpm
1b576319abe603cfaa12d8ee3e314b0d  x86_64/10.2/SRPMS/rsh-0.17-13.1.102mdk.src.rpm

CS2.1 x86_64

 14219e4f9ada6336f7b26a86881942e2  x86_64/corporate/2.1/RPMS/rsh-0.17-9.1.C21mdk.x86_64.rpm
c32ccf5751017c29817fdd485c489f4b  x86_64/corporate/2.1/RPMS/rsh-server-0.17-9.1.C21mdk.x86_64.rpm
c828642735f509a405e4582b9f6f3a29  x86_64/corporate/2.1/SRPMS/rsh-0.17-9.1.C21mdk.src.rpm

10.0 amd64

 fd2d00b91971f0b137696c0ca256b94a  amd64/10.0/RPMS/rsh-0.17-13.1.100mdk.amd64.rpm
81fffa62d628599cee1f7b590ae4c38e  amd64/10.0/RPMS/rsh-server-0.17-13.1.100mdk.amd64.rpm
259dcd458b33d1de12d172e876366165  amd64/10.0/SRPMS/rsh-0.17-13.1.100mdk.src.rpm

10.2 i586

 381a2b0e1418a14b618030f27ac445ea  10.2/RPMS/rsh-0.17-13.1.102mdk.i586.rpm
d750e7ffcf28e7530e19a294ca9d6bc7  10.2/RPMS/rsh-server-0.17-13.1.102mdk.i586.rpm
1b576319abe603cfaa12d8ee3e314b0d  10.2/SRPMS/rsh-0.17-13.1.102mdk.src.rpm

10.1 i586

 de740985b0e213128f8639e3af831b5e  10.1/RPMS/rsh-0.17-13.1.101mdk.i586.rpm
ff6873ae461a9a12e6a2aeee30a80aa0  10.1/RPMS/rsh-server-0.17-13.1.101mdk.i586.rpm
2a5d801cdedfa0b0b588d340b79c9473  10.1/SRPMS/rsh-0.17-13.1.101mdk.src.rpm

10.0 i586

 5e6f513e437cc9a5a619f323509ca58a  10.0/RPMS/rsh-0.17-13.1.100mdk.i586.rpm
aec49c478c37577b6fd795bd9bb4ba67  10.0/RPMS/rsh-server-0.17-13.1.100mdk.i586.rpm
259dcd458b33d1de12d172e876366165  10.0/SRPMS/rsh-0.17-13.1.100mdk.src.rpm

CS3.0 x86_64

 37a7576122ea4001257e11d034100c28  x86_64/corporate/3.0/RPMS/rsh-0.17-13.1.C30mdk.x86_64.rpm
f7e9c14163f5a56b29fc2b17ae172bfb  x86_64/corporate/3.0/RPMS/rsh-server-0.17-13.1.C30mdk.x86_64.rpm
c6fac5847bb6c80b8c92a22750d1c438  x86_64/corporate/3.0/SRPMS/rsh-0.17-13.1.C30mdk.src.rpm

CS3.0 i586

 b20aa1eb70c7bfc006c0c946601c9596  corporate/3.0/RPMS/rsh-0.17-13.1.C30mdk.i586.rpm
7ae577ac25ff29385f99516abd79baaf  corporate/3.0/RPMS/rsh-server-0.17-13.1.C30mdk.i586.rpm
c6fac5847bb6c80b8c92a22750d1c438  corporate/3.0/SRPMS/rsh-0.17-13.1.C30mdk.src.rpm

CS2.1 i586

 a63459af04b29923eff1606742eb9ce4  corporate/2.1/RPMS/rsh-0.17-9.1.C21mdk.i586.rpm
b655300455ec6bd0fb8c782cfbcbe281  corporate/2.1/RPMS/rsh-server-0.17-9.1.C21mdk.i586.rpm
c828642735f509a405e4582b9f6f3a29  corporate/2.1/SRPMS/rsh-0.17-9.1.C21mdk.src.rpm

10.1 x86_64

 716ae1dc777924d462d9c502238bda9e  x86_64/10.1/RPMS/rsh-0.17-13.1.101mdk.x86_64.rpm
23ea2409d82a32918e5e132d8e1fff90  x86_64/10.1/RPMS/rsh-server-0.17-13.1.101mdk.x86_64.rpm
2a5d801cdedfa0b0b588d340b79c9473  x86_64/10.1/SRPMS/rsh-0.17-13.1.101mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0175