---

Rsync Vulnerabilities Allow Remote Code Execution on Servers, Patch Quickly!

Six vulnerabilities have been fixed in the newest versions of Rsync (v3.4.0), two of which could be exploited by a malicious client to achieve arbitrary code execution on a machine with a running Rsync server.

“The client requires only anonymous read-access to the server, such as public mirrors. Additionally, attackers can take control of a malicious server and read/write arbitrary files of any connected client. Sensitive data, such as SSH keys, can be extracted, and malicious code can be executed by overwriting files such as ~/.bashrc or ~/.popt,” CERT/CC noted.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis