FlagThis - #rsync

Multiple vulnerabilities have been discovered in rsync, a widely used file transfer program, totaling six distinct security flaws. The most severe of these is a critical remote code execution (RCE) vulnerability identified as CVE-2024-12084. This flaw allows an attacker with only anonymous read access to an rsync server, often found in public mirrors, to execute arbitrary code on the server. This highlights the serious risk facing systems running vulnerable versions of rsync, particularly those with exposed rsync servers. The vulnerability stems from improper handling of checksum lengths.

Other discovered vulnerabilities include information leaks and symlink issues. There is also the potential for an attacker to enumerate the contents of arbitrary files on a client's machine when copying files to a server. To mitigate all six vulnerabilities, users and administrators are strongly advised to upgrade to rsync version 3.4.0, released on January 14th. However, a regression was found in 3.4.0, so version 3.4.1 is now available. It's crucial to apply this patch, especially for systems running the rsyncd daemon.


References :

• LWN.net: Six vulnerabilities discovered in rsync
• Open Source Security: RSYNC: 6 vulnerabilities
• discuss.privacyguides.net: 6 critical vulnerabilities in rsync
• Help Net Security: Rsync vulnerabilities allow remote code execution on servers, patch quickly!
• malware.news: Malware news article on detecting and mitigating rsync RCE.
• sysdig.com: Sysdig blog post on detecting and mitigating CVE-2024-12084.
• www.bleepingcomputer.com: Over 660,000 rsync servers exposed to code execution attacks
• Lobsters: oss-security - rsync multiple vulnerabilities

Classification:

• HashTags: #Rsync #Vulnerability #SecurityPatch
• Target: rsync Servers
• Product: rsync
• Feature: Remote Code Execution
• Type: Vulnerability
• Severity: Major