Puppy Linux Discussion Forum

Discussion, talk and tips
https://forum.puppylinux.com/

rsync Vulnerability: HEADS UP

https://forum.puppylinux.com/viewtopic.php?t=6491

Page 1 of 1

rsync Vulnerability: HEADS UP

Posted: Wed Aug 03, 2022 2:17 am
by geo_c

I just stumbled on this and thought it might be of interest:

https://www.openwall.com/lists/oss-secu ... 22/08/02/1

We have discovered a critical arbitrary file write vulnerability
in the
>>>> rsync utility that allows malicious remote servers to write arbitrary
>>>> files inside the directories of connecting peers. The server chooses
>>>> which files/directories are sent to the client. Due to the
insufficient
>>>> controls inside the
>>>> [do_server_recv](
>>>
https://github.com/WayneD/rsync/blob/85 ... in.c#L1118
>>> )
>>>> function, a malicious rysnc server (or Man-in-The-Middle attacker) can
>>>> overwrite arbitrary files in the rsync client target directory and
>>>> subdirectories. An attacker abusing this vulnerability can overwrite
>>>> critical files under the target rsync directory and subdirectories
(for
>>>> example, to overwrite the .ssh/authorized_keys file).
>>>>
>>>> Best regards, Ege BALCI, Taha HAMAD.

All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited