FlagThis

Multiple vulnerabilities have been discovered in rsync, a widely used file transfer program. Six vulnerabilities have been identified, including a critical remote code execution (RCE) vulnerability (CVE-2024-12084) that allows attackers with anonymous read access to an rsync server to execute arbitrary code on the machine. Other vulnerabilities include information leaks and symlink issues. Users are advised to upgrade to rsync version 3.4.0, released on January 14th, to patch these issues and ensure system security. This highlights the importance of timely patching and update process for critical network utilities.