The rsync utility in Linux, *BSD, and Unix-like systems is vulnerable to multiple security issues, including arbitrary code execution, arbitrary file upload, information disclosure, and privilege escalation. Hence, you must patch the system ASAP: https://www.cyberciti.biz/linux-news/cve-2024-12084-rsyn-security-urgent-update-needed-on-unix-bsd-systems/
nixCraft 🐧 (nixcraft@mastodon.social)'s status on Thursday, 16-Jan-2025 03:06:57 JST nixCraft 🐧
shamilbi (shamilbi@mastodon.social)'s status on Thursday, 16-Jan-2025 03:10:21 JST shamilbi @nixCraft update: https://github.com/RsyncProject/rsync/tags
R (foo__@mastodon.social)'s status on Thursday, 16-Jan-2025 03:10:35 JST R @nixCraft beware, last version on Ubuntu is super broken
nixCraft 🐧 (nixcraft@mastodon.social)'s status on Thursday, 16-Jan-2025 03:38:00 JST nixCraft 🐧 @bazkie Are you running rsync in daemon mode for the public? The risk is highest for you. Either way, having rsync installed opens up attacks from both external and internal users; hence, updating both the client and server is recommended. Even a bug in the PHP script on your web server can run rsync, and from there, it can escalate. Nasty stuff.
bazkie, bonkwave superstar (bazkie@beige.party)'s status on Thursday, 16-Jan-2025 03:38:01 JST bazkie, bonkwave superstar @nixCraft aw heck! thanks for the heads-up
I wonder how this works; like when am I vulnerable? whenever I use rsync? or just having it installed? or neither? I'm a security noob lol
🇺🇸 🇺🇦 🇮🇱 🐧 🥦 (methylcobalamin@mastodon.social)'s status on Thursday, 16-Jan-2025 04:58:01 JST 🇺🇸 🇺🇦 🇮🇱 🐧 🥦 @nixCraft Ah, that is why rsync popped up in my package manager (Mint) to be updated the other day.