Security News > 2025 > January > Rsync vulnerabilities allow remote code execution on servers, patch quickly!
2025-01-15 14:24
Six vulnerabilities have been fixed in the newest versions of Rsync (v3.4.0), two of which could be exploited by a malicious client to achieve arbitrary code execution on a machine with a running Rsync server. “The client requires only anonymous read-access to the server, such as public mirrors. Additionally, attackers can take control of a malicious server and read/write arbitrary files of any connected client. Sensitive data, such as SSH keys, can be extracted, and … More → The post Rsync vulnerabilities allow remote code execution on servers, patch quickly! appeared first on Help Net Security.
News URL
Related news
- Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
- Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)