Rsync, a widely-used file synchronization tool, has been found to harbor six vulnerabilities affecting versions 3.3.0 and below. These vulnerabilities, ranging from heap-buffer overflows to symbolic link race conditions, pose significant risks to users, potentially allowing attackers to execute arbitrary code, leak sensitive information, and even gain control of affected systems.
The discovered vulnerabilities include:
- CVE-2024-12084 (CVSS 9.8): A heap-buffer-overflow vulnerability in the Rsync daemon that allows attackers to write out-of-bounds, potentially leading to code execution.
- CVE-2024-12085 (CVSS 7.5): An information leak vulnerability that enables attackers to access uninitialized memory, potentially revealing sensitive data.
- CVE-2024-12086 (CVSS 6.1): A file leak vulnerability that could allow malicious servers to extract arbitrary files from clients.
- CVE-2024-12087 (CVSS 6.5): An external directory file-write vulnerability that enables attackers to write files outside the intended destination directory.
- CVE-2024-12088 (CVSS 6.5): A `--safe-links` bypass vulnerability that can lead to path traversal and arbitrary file writes.
- CVE-2024-12747 (CVSS 5.6): A symbolic-link race condition vulnerability that could allow for privilege escalation.
Rsync is a core component in many backup programs, including Rclone, DeltaCopy, and ChronoSync. It’s also commonly used in daemon mode for public mirrors, making these vulnerabilities particularly concerning for organizations and individuals relying on these services.
The combination of the heap-buffer overflow and information leak vulnerabilities could allow attackers to execute arbitrary code on vulnerable servers. Furthermore, malicious servers could exploit these flaws to read and write arbitrary files on connected clients, potentially compromising sensitive data like SSH keys.
Users are strongly urged to update their Rsync installations immediately to the latest patched version. Patches are available at the official Rsync website and the Samba project website. It’s also crucial to ensure that any software using Rsync as a backend is updated to address these vulnerabilities.
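To find hosts that still fall in the affected range stated above (3.3.0 and below), the following triage check parses the first line of `rsync --version`. It is an added example, not code from the rsync project; the function names and the sample banners in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag rsync builds in the range the article gives as
# affected (3.3.0 and below). Function names are hypothetical.
LAST_AFFECTED="3.3.0"

# Pull the upstream version out of a banner line such as
#   "rsync  version 3.2.7  protocol version 31"   (constructed sample)
# An optional leading "v" and a suffix like "pre1" are ignored.
rsync_banner_version() {
    printf '%s\n' "$1" | sed -n \
        '1s/^rsync[[:space:]]\{1,\}version[[:space:]]\{1,\}v\{0,1\}\([0-9][0-9.]*\).*/\1/p'
}

# Succeed when dotted version $1 <= $2. Fields are compared as numbers,
# so 3.10.0 sorts above 3.3.0 (a plain string compare gets this wrong).
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print "affected <ver>", "outside-range <ver>", or "unknown" when the
# line is not a recognisable rsync banner.
classify_rsync_banner() {
    ver=$(rsync_banner_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_le "$ver" "$LAST_AFFECTED"; then
        echo "affected $ver"
    else
        echo "outside-range $ver"
    fi
}

# Check the locally installed binary, if there is one.
if command -v rsync >/dev/null 2>&1; then
    classify_rsync_banner "$(rsync --version 2>/dev/null | head -n 1)"
fi
```

Distribution packages can carry backported fixes while keeping an older upstream version number, so an "affected" result should be confirmed against the vendor's advisory for that package.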