Security News > 2025 > January > Rsync vulnerabilities allow remote code execution on servers, patch quickly!

Six vulnerabilities have been fixed in the newest versions of Rsync (v3.4.0), two of which could be exploited by a malicious client to achieve arbitrary code execution on a machine with a running Rsync server. “The client requires only anonymous read-access to the server, such as public mirrors. Additionally, attackers can take control of a malicious server and read/write arbitrary files of any connected client. Sensitive data, such as SSH keys, can be extracted, and … More → The post Rsync vulnerabilities allow remote code execution on servers, patch quickly! appeared first on Help Net Security.
News URL
Related news
- Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks (source)
- Recent Windows Server 2025 updates cause Remote Desktop freezes (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK? (source)
- Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)