Subj : Top file synchronization tool Rsync security flaws mean up to 660
To   : All
From : TechnologyDaily
Date : Thu Jan 16 2025 13:30:04

Top file synchronization tool Rsync security flaws mean up to 660,000 servers possibly affected

Date: Thu, 16 Jan 2025 13:22:00 +0000

Description: Security researchers found six flaws in the popular Rsync tool, including a critical-severity RCE bug.

FULL STORY
======================================================================

- Rsync was found to be vulnerable to at least six flaws
- One of the bugs is a critical-severity RCE, experts warn
- Users and vendors are advised to update to version 3.4.0 immediately

Rsync, a popular open source file transfer and synchronization tool, has been found to carry multiple vulnerabilities that allow threat actors to conduct all kinds of malicious activity, remote code execution (RCE) included. As a result, hundreds of thousands of endpoints are at serious risk.

The warning comes from multiple cybersecurity researchers, including those from Google Cloud, who recently discovered and reported the flaws.

"Two independent groups of researchers have identified a total of 6 vulnerabilities in rsync. In the most severe CVE, an attacker only requires anonymous read access to a rsync server, such as a public mirror, to execute arbitrary code on the machine the server is running on," a security advisory published on Openwall reads. "Upstream has prepared patches for these CVEs. These fixes will be included in rsync 3.4.0 which is to be released shortly."

Applying the fix

The most severe vulnerability is tracked as CVE-2024-12084 and is described as a heap buffer overflow bug arising from improper handling of checksum lengths in the Rsync daemon. It was given a severity score of 9.8 and is said to affect versions 3.2.7 through < 3.4.0.

The other flaws are CVE-2024-12085 (information leak via uninitialized stack), CVE-2024-12086 (server leaks arbitrary client files), CVE-2024-12087 (path traversal), CVE-2024-12088 (bypass of the safe-links option), and CVE-2024-12747 (symbolic link race condition).

The CERT Coordination Center (CERT/CC) labeled Red Hat, Arch, Gentoo, Ubuntu, NixOS, the AlmaLinux OS Foundation, and Triton Data Center as impacted, but added that there are many more potentially impacted projects and vendors.

"When combined, the first two vulnerabilities (heap buffer overflow and information leak) allow a client to execute arbitrary code on a device that has an Rsync server running," warned CERT/CC.

BleepingComputer also ran a quick Shodan scan, which came back with 660,000 potentially affected instances. The majority (521,000) are located in China, with the remainder split between the United States, Hong Kong, Korea, and Germany.

All Rsync users should upgrade to version 3.4.0 as soon as possible, or at least block TCP port 873.

======================================================================
Link to news story: https://www.techradar.com/pro/security/top-file-synchronization-tool-rsync-security-flaws-mean-up-to-660-000-servers-possibly-affected

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)
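A quick local check for the two actions the article recommends (upgrade to 3.4.0, or block the daemon port). This is an added example, not part of the news story or of the rsync project: it parses the version string printed by `rsync --version`, compares it against the 3.4.0 fix release named above, and reports whether anything on the host is listening on TCP 873. The version comparison is numeric per dotted component, so 3.10.0 is correctly treated as newer than 3.4.0; the `ss`/`netstat` fallback and the helper names are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the article): report whether the installed rsync
# is older than the fix release 3.4.0 and whether the rsync daemon port
# (TCP 873) has a listener on this host.

FIXED_VERSION="3.4.0"   # release the article names as carrying the fixes

# Return 0 (true) when dotted version $1 is older than dotted version $2.
# Components are compared numerically; a trailing non-numeric suffix such
# as "pre1" is ignored by awk's numeric conversion.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".");
        len = (n > m) ? n : m;
        for (i = 1; i <= len; i++) {
            xi = (i <= n) ? x[i] + 0 : 0;
            yi = (i <= m) ? y[i] + 0 : 0;
            if (xi < yi) exit 0;
            if (xi > yi) exit 1;
        }
        exit 1;   # equal versions are not "less than"
    }'
}

# Return 0 when the given rsync version string still needs the 3.4.0 upgrade.
needs_upgrade() {
    version_lt "$1" "$FIXED_VERSION"
}

# Pull "3.2.7" out of the first line of `rsync --version`, which looks like
# "rsync  version 3.2.7  protocol version 31".
parse_rsync_version() {
    printf '%s\n' "$1" | awk '/^rsync +version/ { print $3; exit }'
}

# Return 0 when a TCP listener is bound to port 873, 1 when none is found,
# 2 when neither ss nor netstat is available to check.
daemon_port_open() {
    if command -v ss >/dev/null 2>&1; then
        ss -ltn 2>/dev/null | awk 'NR > 1 { print $4 }' | grep -q ':873$'
    elif command -v netstat >/dev/null 2>&1; then
        netstat -ltn 2>/dev/null | awk '{ print $4 }' | grep -q ':873$'
    else
        return 2
    fi
}

main() {
    if ! command -v rsync >/dev/null 2>&1; then
        echo "rsync: not installed on this host"
    else
        ver=$(parse_rsync_version "$(rsync --version 2>/dev/null)")
        if [ -z "$ver" ]; then
            echo "rsync: could not parse version output"
        elif needs_upgrade "$ver"; then
            echo "rsync $ver: older than $FIXED_VERSION, upgrade recommended"
        else
            echo "rsync $ver: at or above $FIXED_VERSION"
        fi
    fi

    daemon_port_open
    case $? in
        0) echo "TCP 873: listener present (rsync daemon may be exposed)" ;;
        1) echo "TCP 873: no listener found" ;;
        *) echo "TCP 873: cannot check (ss/netstat not available)" ;;
    esac
}

main
```

Run it as `sh rsync_check.sh` on each host; a "listener present" result on a host that still reports a pre-3.4.0 version is the combination the article warns about, and blocking port 873 at the firewall is the interim step it suggests until the upgrade is applied.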