|
Steve Litt via plug on 16 Jan 2025 17:24:20 -0800
|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
- From: Steve Litt via plug <plug@lists.phillylinux.org>
- To: plug@lists.phillylinux.org
- Subject: Re: [PLUG] rsync flaws
- Date: Thu, 16 Jan 2025 20:24:12 -0500
- Arc-authentication-results: i=1; rspamd-7df4dcbd86-4hwjh; auth=pass smtp.auth=21tnwsjmfw smtp.mailfrom=slitt@troubleshooters.com
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1737077054; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=+7wJfwK622D51fQWf+BNWdovFDm2ta75itLTV2OLodk=; b=gg5u0oTmill3aEpmF5cfbLIcvs5LJ51wNh6/C0hSE0s2S80ZO6S7o8F1/6TyfBR0ZLD6BL g7aO9au9n2y4Ckq36nNa9I5aLhTVlw+ELkLAwrdZsH1ihxURvTutHtnYmpBFlR+4PUU6hi LzEiSX8iaR3xJTnZfHGLkeAnnm7dfnxl8MqDkqpwLCO+3J8XDI+ob494JdqEuzry8S652P 1i+WYK1AYoY10hdeRrwKcKp5sub+L0u3PeM4Wu+rsjC0swl7j8S/ryYlEI88oWP788UTGc /Yo2O+hc/lUtyLRODXm6aA97QZRQ6qoNRuGfQNxtknhJNolOQ7Aqxlh8DhV8Iw==
- Arc-seal: i=1; s=arc-2022; d=mailchannels.net; t=1737077054; a=rsa-sha256; cv=none; b=Y3d4FrCQYEqEkDoZIbYYDDJZeq/tHgkzYJ5ApF5qo8nEKcxgxpUQ3KEd2mAOqyVKjXe4DI azg1g+MijrPd5WbHYAMiioqPCu7GMN0yNECZfpbYUOQr4XBpcavE/SLnVwjx39LHYqgILu X3gNctlmgU7gUc5jUO3iVNJeZBeYR5MxMBbkZ+YWkWJAPV4ixc6uvAcRk/F8390KWoRebU cF4F7blNyBGtiInIoliN9qfWbl0NDMVnVG9xjXhineDoDmlz1LjDbmkry+4SxCKUlr3Lt4 0FUyrXKqfafElMEH2JrcCFhgBd9wya4YnDFwKnm2Wm/imZmtcQlyLDyPjfsl9g==
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=troubleshooters.com; s=default; h=Content-Transfer-Encoding:Content-Type: MIME-Version:References:In-Reply-To:Message-ID:Subject:To:From:Date:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=+7wJfwK622D51fQWf+BNWdovFDm2ta75itLTV2OLodk=; b=BQCRhDh/txWC3hWX+/emDIbhNf YbfyFqBhy2izW9yBVvv0b/Nx/A8ImIpuntUPk5EJvsgTe3TdJQvzaZFl0YDlzTfYBMVVF0oWbGika M4GA5NPR30LYoXjyqawClq+hcjZwtanjHoxzZnnIpX7x6R2aGvdPO/DT3+gdvQxEHEPVM5ho8FUkc cf9F7jpVA0xBB7JP4BxYfkQdHGxOrKS6Mn37A8tyJ0MZvPvXdtpxjviChBTLJrU5bKPu1tUiub29Z KMX5KIoSdyLfFvJlpmG2KrgMij6geYpchLjwupkD7Q3TXxZttILC7oZxndBmRUzRZ3kVf+WT8YiJP Yhjss9cA==;
- Reply-to: Steve Litt <slitt@troubleshooters.com>
- Sender: "plug" <plug-bounces@lists.phillylinux.org>
Void Linux also fixed it.
Walt Mankowski via plug said on Wed, 15 Jan 2025 13:57:19 -0500
>Thanks for posting this. There's already a fix out for ubuntu that I'm
>getting ready to install on some servers I maintain.
>
>Walt
>
>On Wed, Jan 15, 2025 at 10:16:50AM -0500, jeffv via plug wrote:
>> Google Cloud Researchers Uncover Flaws in Rsync File Synchronization
>> Tool
>>
>> https://thehackernews.com/2025/01/google-cloud-researchers-uncover-flaws.html
>>
>> As many as six security vulnerabilities have been disclosed in the
>> popular Rsync file-synchronizing tool for Unix systems, some of
>> which could be exploited to execute arbitrary code on a client.
>>
>> "Attackers can take control of a malicious server and read/write
>> arbitrary files of any connected client," the CERT Coordination
>> Center (CERT/CC) said in an advisory. "Sensitive data, such as SSH
>> keys, can be extracted, and malicious code can be executed by
>> overwriting files such as ~/.bashrc or ~/.popt."
>> ___________________________________________________________________________
>> Philadelphia Linux Users Group
>> -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
>> General Discussion
>> -- http://lists.phillylinux.org/mailman/listinfo/plug
>___________________________________________________________________________
>Philadelphia Linux Users Group
>-- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
>General Discussion
>-- http://lists.phillylinux.org/mailman/listinfo/plug
SteveT
Steve Litt
http://444domains.com
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug