Extremely critical hole found in open source software

XZeroII

http://www.theinquirer.net/?article=13037

If you are using this 'rsync' you'd better be worrying.

A PROBLEM in rsync is likely to have been used to compromise Gentoo, Debian and Savannah.
And security company Secunia is warning it is an "extremely critical" error which needs to be fixed immediately.

Secunia said that the vulnerability has been used to compromise servers on the Internet already, and allows people to execute arbitrary code on systems.

It's caused by an unspecified boundary error, which the malicious can use to cause heap overflows.

The immediate advice is to filter traffic to the rsync service on port 873/tcp, letting only trusted systems connect.
 

XZeroII

Originally posted by: jjsole
Propaganda put out by MS. :D

Oh? ;)

Why wasn't this on the front page of every newspaper like what happens when there is a MS vulnerability?
 

ndee

No one says that open source software is bug free. And according to another website, a patch was out for 2 months.
 

rahvin

Originally posted by: XZeroII
Originally posted by: jjsole
Propaganda put out by MS. :D

Oh? ;)

Why wasn't this on the front page of every newspaper like what happens when there is a MS vulnerability?

For a simple reason: some obscure bug that takes skilled methods to crack is not the same as a worm that automatically runs from within Outlook and proceeds to compromise every computer on the network, then emails itself to everyone listed on the computer. This is compounded by 95% of workstations having Microsoft products on them that are rarely if ever patched and a user base that is technologically incompetent. Another explanation would be that this was used to compromise 3 servers and the Microsoft worms compromise half the world. And a further explanation would be that the patch that fixed it actually fixed it, whereas MS put out a patch that didn't actually fix the problem and had to release a patch weeks later that did.