Subject: Re: rsync flaw
To: Steve Bellovin <email@example.com>
From: David Maxwell <firstname.lastname@example.org>
Date: 12/05/2003 00:04:18
On Thu, Dec 04, 2003 at 12:54:22PM -0500, Steve Bellovin wrote:
> Although this is covered by audit-packages, this flaw seems to be very
> critical: there's a flaw in rsyncd, and it has apparently been used to
> compromise public rsync servers.
Rsync has been updated on the NetBSD Project public rsync server.
We have no reason to believe any attacks were made on the public rsync
service, but we are looking for any signs of malicious activity, and
we'll report the results of that effort.