GEN:SID 1:2561
Message MISC rsync backup-dir directory traversal attempt
Summary This event is generated when an attempt is made to exploit a vulnerability
associated with rsync.
Impact A successful attack may allow files to be existing files to be overwritten
or new files created on the rsync server.
Detailed Information rsync is used to remote copy files.  A command line option "--backup-dir"
can be used to specify a directory where backup files are to be placed.
There is no validation of the argument supplied to this option to scrutinize
it for proper formatting.  A malicious user can try to overwrite existing
files or create new ones on a vulnerable host by supplying a value to
"--backup-dir" that is relative to the root directory.
Affected Systems Many Unix and Linux distributions running rsync.
See http://www.securityfocus.com/bid/10247 for affected operating systems.
Attack Scenarios An attacker can send a rsync command supplying the -backup-dir option
with a path relative to the root file system, overwriting or creating
new files on the vulnerable host.
Ease of Attack Simple.
Corrective Action Upgrade to the latest non-affected version of the software.
Run the rsync server in a chroot environment.
Additional References  
Rule References bugtraq: 10247
cve: 2004-0426
nessus: 12230