Security News > 2025 > January > Rsync vulnerabilities allow remote code execution on servers, patch quickly!
2025-01-15 14:24
Six vulnerabilities have been fixed in the newest versions of Rsync (v3.4.0), two of which could be exploited by a malicious client to achieve arbitrary code execution on a machine with a running Rsync server. “The client requires only anonymous read-access to the server, such as public mirrors. Additionally, attackers can take control of a malicious server and read/write arbitrary files of any connected client. Sensitive data, such as SSH keys, can be extracted, and … More → The post Rsync vulnerabilities allow remote code execution on servers, patch quickly! appeared first on Help Net Security.
News URL
Related news
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- WordPress security plugin WP Ghost vulnerable to remote code execution bug (source)
- Veeam RCE bug lets domain users hack backup servers, patch now (source)