oss-sec mailing list archives
Re: RSYNC: 6 vulnerabilities
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Mon, 18 Aug 2025 18:53:52 -0700
On 1/14/25 08:53, Nick Tait wrote:
> Hello OSS-security,
>
> Two independent groups of researchers have identified a total of 6 vulnerabilities in rsync. In the most severe CVE, an attacker only requires anonymous read access to a rsync server, such as a public mirror, to execute arbitrary code on the machine the server is running on.

The researchers responsible for #1-#5 on that list have now published their writeup in https://phrack.org/issues/72/11_md#article .

-- 
-Alan Coopersmith- alan.coopersmith () oracle com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
