
RSync Vulnerabilities Allow Hackers to Take Full Control of Servers – PoC Released


A series of critical security vulnerabilities in the widely used Rsync file synchronization tool has been uncovered, exposing millions of servers to potential takeover by anonymous attackers.

The flaws, discovered in Rsync version 3.2.7 and earlier, enable remote code execution, sensitive data leaks, and file system manipulation through five distinct attack vectors, as per a report by GitHub.

Proof of Concept

CVE-2024-12084: Heap Buffer Overflow in Checksum Parsing (CVSS 9.8)

The most critical vulnerability exists in how Rsync daemons handle file checksums during synchronization.

Attackers can trigger a heap buffer overflow by sending malicious checksum data that exceeds the allocated 16-byte buffer (sum2 array).

The overflow occurs because the protocol accepts s2length values up to 64 bytes (for SHA-512 digests) without proper validation:

struct sum_buf {
    char sum2[SUM_LENGTH];  // 16-byte buffer
};

// Attacker-controlled parameter
sum->s2length = read_int(f);
read_buf(f, s->sums[i].sum2, s->s2length); // Overflow when s2length>16

This allows overwriting 48 ...
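An added example, not code from the original article or from the Rsync project: a minimal C model of the missing check, in which the peer-supplied s2length is validated against the size of sum2 before the copy. The reader struct, rd_bytes, rd_int32, read_one_sum and the 4-byte little-endian length encoding are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SUM_LENGTH 16                 /* size of sum2, as on the page */
struct sum_buf { char sum2[SUM_LENGTH]; };

/* Hypothetical stand-in for the network stream: a bounded byte cursor. */
struct reader { const unsigned char *p; size_t left; };

static int rd_bytes(struct reader *r, void *dst, size_t n)
{
    if (n > r->left) return -1;       /* never read past the input */
    memcpy(dst, r->p, n);
    r->p += n;
    r->left -= n;
    return 0;
}

/* Assumed wire encoding for this example: 4-byte little-endian integer. */
static int rd_int32(struct reader *r, int32_t *out)
{
    unsigned char b[4];
    if (rd_bytes(r, b, sizeof b) < 0) return -1;
    *out = (int32_t)(b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24);
    return 0;
}

/* Returns 0 on success, -1 on short input, -2 if s2length does not fit sum2. */
int read_one_sum(struct reader *r, struct sum_buf *sb, int32_t *s2length)
{
    int32_t len;
    if (rd_int32(r, &len) < 0) return -1;
    /* Bound the peer-supplied length by the destination buffer, not by the
     * largest digest size the protocol knows about. */
    if (len < 0 || (size_t)len > sizeof sb->sum2) return -2;
    if (rd_bytes(r, sb->sum2, (size_t)len) < 0) return -1;
    *s2length = len;
    return 0;
}

int main(void)
{
    unsigned char msg[4 + 64] = { 64, 0, 0, 0 };   /* constructed: s2length = 64 */
    struct reader r = { msg, sizeof msg };
    struct sum_buf sb; int32_t n = 0;
    printf("s2length=64 -> %d\n", read_one_sum(&r, &sb, &n));
    return 0;
}
```

The same rule applies to any length-prefixed field: the upper bound comes from the buffer being written, and negative values are rejected before the cast to an unsigned size.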


Copyright of this story solely belongs to gbhackers.