Security News > 2025 > January > Rsync vulnerabilities allow remote code execution on servers, patch quickly!

Six vulnerabilities have been fixed in the newest versions of Rsync (v3.4.0), two of which could be exploited by a malicious client to achieve arbitrary code execution on a machine with a running Rsync server. “The client requires only anonymous read-access to the server, such as public mirrors. Additionally, attackers can take control of a malicious server and read/write arbitrary files of any connected client. Sensitive data, such as SSH keys, can be extracted, and … More → The post Rsync vulnerabilities allow remote code execution on servers, patch quickly! appeared first on Help Net Security.
News URL
Related news
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- WordPress security plugin WP Ghost vulnerable to remote code execution bug (source)
- Veeam RCE bug lets domain users hack backup servers, patch now (source)
- Recent Windows Server 2025 updates cause Remote Desktop freezes (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK? (source)
- Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions (source)