Re: [PLUG] rsync flaws

Walt Mankowski via plug on 15 Jan 2025 10:57:24 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] rsync flaws

From: Walt Mankowski via plug <plug@lists.phillylinux.org>
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] rsync flaws
Date: Wed, 15 Jan 2025 13:57:19 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1736967440; x=1737053840; bh=Yc6gJjo+wfWdrFlm+DRoWp3T6VStcmg8jfA xXMXd7Ik=; b=gvZhR1nZCjWUBYLzcMkZ9pVLte17+O44Kmw7vXSf/7tSu+Fx2D4 4ChxoVdUmGImfcPt0NgRcJ0tKZ54fFk3NTTYLKIQUkk7uJtNoa5wPBmfeEifK8ca iCxciTZP924x/P/ryvbpWU+rWOquSB+CvQ8inpr6dapLgwYHJgrFkvM+DP54Hfot EYrk5/+79aer62Q05VH8Hrdg+A0AR+BhbSIHajgQpZI6+Fw2tNFDLku8EVDy2c++ u22uVva5ODw0/MIrKEj4kpLAUcnaHyMZN/eENvMgMrn5hIX7+Dgy5TwoxwrR4nWK cqx3E0Db3/kTC0ENov+216pi8QXatHEdz/w==
Feedback-id: i4ab14970:Fastmail
Reply-to: Walt Mankowski <waltman@pobox.com>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mutt/2.2.13 (2024-03-09)

Thanks for posting this. There's already a fix out for ubuntu that I'm
getting ready to install on some servers I maintain.

Walt

On Wed, Jan 15, 2025 at 10:16:50AM -0500, jeffv via plug wrote:
> Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool
> 
> https://thehackernews.com/2025/01/google-cloud-researchers-uncover-flaws.html
> 
> As many as six security vulnerabilities have been disclosed in the popular
> Rsync file-synchronizing tool for Unix systems, some of which could be
> exploited to execute arbitrary code on a client.
> 
> "Attackers can take control of a malicious server and read/write arbitrary
> files of any connected client," the CERT Coordination Center (CERT/CC) said
> in an advisory. "Sensitive data, such as SSH keys, can be extracted, and
> malicious code can be executed by overwriting files such as ~/.bashrc or
> ~/.popt."
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] rsync flaws
  - From: Steve Litt via plug <plug@lists.phillylinux.org>

References:
- [PLUG] rsync flaws
  - From: jeffv via plug <plug@lists.phillylinux.org>

Prev by Date: Re: [PLUG] Parallel port with Debian 12
Next by Date: Re: [PLUG] Parallel port with Debian 12
Previous by thread: [PLUG] rsync flaws
Next by thread: Re: [PLUG] rsync flaws
Index(es):
- Date
- Thread