Security News > 2025 > January > Rsync vulnerabilities allow remote code execution on servers, patch quickly!
2025-01-15 14:24
Six vulnerabilities have been fixed in the newest versions of Rsync (v3.4.0), two of which could be exploited by a malicious client to achieve arbitrary code execution on a machine with a running Rsync server. “The client requires only anonymous read-access to the server, such as public mirrors. Additionally, attackers can take control of a malicious server and read/write arbitrary files of any connected client. Sensitive data, such as SSH keys, can be extracted, and … More → The post Rsync vulnerabilities allow remote code execution on servers, patch quickly! appeared first on Help Net Security.
News URL
Related news
- Apache fixes remote code execution bypass in Tomcat web server (source)
- Sophos Firewall vulnerable to critical remote code execution flaw (source)
- Sophos discloses critical Firewall remote code execution flaw (source)
- Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)