rsnapshot: Local privilege escalation

rsnapshot: Local privilege escalation rsnapshot allows a local user to take ownership of local files, resulting in privilege escalation. rsnapshot 2005-04-13 2007-12-30 88681 local 1.2.1 1.1.7 1.2.1

rsnapshot is a filesystem snapshot utility based on rsync, allowing local and remote systems backups.

The copy_symlink() subroutine in rsnapshot follows symlinks when changing file ownership, instead of changing the ownership of the symlink itself.

Under certain circumstances, local attackers can exploit this vulnerability to take ownership of arbitrary files, resulting in local privilege escalation.

The copy_symlink() subroutine is not called if the cmd_cp parameter has been enabled.

All rsnapshot users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose app-backup/rsnapshot

rsnapshot Security Advisory 001 CVE-2005-1064 koon lewk koon