Gentoo Logo

rsnapshot: Local privilege escalation

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200504-12 / rsnapshot
Release Date April 13, 2005
Latest Revision December 30, 2007: 05
Impact high
Exploitable local
Package Vulnerable versions Unaffected versions Architecture(s)
app-backup/rsnapshot < 1.2.1 >= 1.2.1, revision >= 1.1.7 All supported architectures

Related bugreports: #88681

Synopsis

rsnapshot allows a local user to take ownership of local files, resulting in privilege escalation.

2.  Impact Information

Background

rsnapshot is a filesystem snapshot utility based on rsync, allowing local and remote systems backups.

Description

The copy_symlink() subroutine in rsnapshot follows symlinks when changing file ownership, instead of changing the ownership of the symlink itself.

Impact

Under certain circumstances, local attackers can exploit this vulnerability to take ownership of arbitrary files, resulting in local privilege escalation.

3.  Resolution Information

Workaround

The copy_symlink() subroutine is not called if the cmd_cp parameter has been enabled.

Resolution

All rsnapshot users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose app-backup/rsnapshot

4.  References

Print

Page updated April 13, 2005

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.