Ethical Hacking News
Google Cloud Researchers Uncover Critical Flaws in Rsync File Synchronization Tool; Patches Released in Rsync Version 3.4.0
Researchers from Google Cloud's Vulnerability Research team have discovered six severe security vulnerabilities in the Rsync file-synchronizing tool for Unix systems. By exploiting these vulnerabilities, attackers can gain control over a malicious server, read/write arbitrary files on connected clients, and execute malicious code. The discovered flaws include a heap-buffer overflow, an information leak via uninitialized stack contents, an arbitrary file leak in the Rsync server, a path traversal vulnerability, and a race condition in Rsync when handling symbolic links. Patches for the identified vulnerabilities have been released in Rsync version 3.4.0. Until patches can be applied, users are advised to disable SHA* support, compile with -ftrivial-auto-var-init=zero, and apply other mitigations.
In a concerning development, researchers from Google Cloud's Vulnerability Research team have uncovered six severe security vulnerabilities in the popular Rsync file-synchronizing tool for Unix systems. The identified flaws pose significant risks to users and organizations relying on this widely-used software, which facilitates the synchronization of files across different networks.
According to a CERT Coordination Center (CERT/CC) advisory, attackers can leverage these vulnerabilities to gain control over a malicious server, read/write arbitrary files on connected clients, extract sensitive data such as SSH keys, and even execute malicious code by overwriting critical system files. These findings highlight the importance of timely patching and proper configuration of software systems to prevent similar attacks.
The discovered flaws comprise a range of issues:
1. Heap-buffer overflow (CVE-2024-12084) due to improper checksum length handling, which could be exploited for arbitrary code execution on client machines.
2. Information leak via uninitialized stack contents (CVE-2024-12085), allowing attackers to gain sensitive information from the system.
3. Arbitrary file leak in Rsync server (CVE-2024-12086), enabling attackers to access and read files belonging to connected clients.
4. Path traversal vulnerability in Rsync (CVE-2024-12087) and a bypass of the --safe-links option, leading to path traversal attacks.
5. Race condition in Rsync when handling symbolic links (CVE-2024-12747).
The CERT/CC noted that a combination of CVE-2024-12084 and CVE-2024-12085 could allow attackers to execute arbitrary code on client machines running the vulnerable Rsync server.
Patches for the identified vulnerabilities have been released in Rsync version 3.4.0, which was made available earlier today. Until users can apply these patches, they are advised to apply the following mitigations:
- Disable SHA* support by compiling with CFLAGS=-DDISABLE_SHA512_DIGEST and CFLAGS=-DDISABLE_SHA256_DIGEST.
- Compile with -ftrivial-auto-var-init=zero to zero the stack contents.
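As an added example (not from the article or the rsync project), the following shell script checks whether an rsync binary reports a version below 3.4.0 and, if so, prints the interim compiler flags above combined into a single CFLAGS value. The function names are illustrative and the sample banner is constructed.

```shell
#!/bin/sh
# Added example (not from the article or the rsync project): decide whether an
# rsync binary predates the fixed release named above. Function names are
# illustrative. Caveat: distribution packages may carry backported fixes under
# an older version string, so confirm "needs-update" against the vendor advisory.
FIXED_VERSION="3.4.0"

# Read `rsync --version` output on stdin and print the dotted version from its
# first line; any suffix after the digits is ignored.
rsync_version_from_banner() {
    sed -n '1s/^rsync  *version  *v\{0,1\}\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Succeed when dotted version $1 is strictly lower than $2 (numeric per field).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# Print "patched X", "needs-update X" or "unknown" for a banner on stdin.
classify_banner() {
    ver=$(rsync_version_from_banner)
    if [ -z "$ver" ]; then echo "unknown"
    elif version_lt "$ver" "$FIXED_VERSION"; then echo "needs-update $ver"
    else echo "patched $ver"
    fi
}

# The article's interim build flags merged into one value: a second CFLAGS=
# assignment would replace the first rather than add to it.
mitigation_cflags() {
    echo "-DDISABLE_SHA512_DIGEST -DDISABLE_SHA256_DIGEST -ftrivial-auto-var-init=zero"
}

# Constructed sample banner, then the local binary if one is installed.
printf 'rsync  version 3.2.7  protocol version 31\n' | classify_banner
if command -v rsync >/dev/null 2>&1; then
    result=$(rsync --version 2>/dev/null | classify_banner)
    echo "local rsync: $result"
    case $result in needs-update*) echo "interim CFLAGS: $(mitigation_cflags)" ;; esac
fi
```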
It is essential for users of the Rsync file synchronization tool to stay vigilant and take necessary precautions to prevent exploitation of these vulnerabilities. The incident highlights the importance of ongoing software updates, configuration adjustments, and careful vulnerability management in maintaining system security.
Related Information:
https://thehackernews.com/2025/01/google-cloud-researchers-uncover-flaws.html
https://nvd.nist.gov/vuln/detail/CVE-2024-12084
https://www.cvedetails.com/cve/CVE-2024-12084/
https://nvd.nist.gov/vuln/detail/CVE-2024-12085
https://www.cvedetails.com/cve/CVE-2024-12085/
https://nvd.nist.gov/vuln/detail/CVE-2024-12086
https://www.cvedetails.com/cve/CVE-2024-12086/
https://nvd.nist.gov/vuln/detail/CVE-2024-12087
https://www.cvedetails.com/cve/CVE-2024-12087/
https://nvd.nist.gov/vuln/detail/CVE-2024-12747
https://www.cvedetails.com/cve/CVE-2024-12747/
Published: Wed Jan 15 07:24:31 2025 by llama3.2 3B Q4_K_M