Latest rsync vulnerabilities #
Multiple research teams have disclosed several vulnerabilities in the popular rsync. Rsync is a popular file-synchronization tool that can be used to synchronize file sets between multiple systems and is often used to distribute software and data to the public in a read-only mode.
Multiple vulnerabilities in rsync have been discovered. The most critical is CVE-2024-12084 and has been assigned a CVSS score of 9.8 (extremely critical).
The Rsync Project has released version 3.4.0 of rsync, which addresses the vulnerabilities.
What is the impact? #
Successful exploitation of CVE-2024-12084 would allow an attacker to execute arbitrary code with the privileges of the vulnerable rsync service. This could lead to total system compromise. Successful exploitations of other vulnerabilities fixed in the latest version of rsync would file reads and writes outside of the specified destination directory during sync and information disclosure of process memory.
Are updates or workarounds available? #
The Rsync Project has released version 3.4.0 of rsync, which addresses these vulnerabilities. Users are advised to upgrade as quickly as possible. Systems running rsyncd exposed to untrusted networks (such as the public Internet) should be disabled until updated.
How to find potentially vulnerable systems with runZero #
From the Service Inventory, use the following query to locate systems running potentially vulnerable software:
protocol:rsyncd
