On 1/14/25 08:53, Nick Tait wrote:
> Hello OSS-security,
>
> Two independent groups of researchers have identified a total of 6
> vulnerabilities in rsync. In the most severe CVE, an attacker only requires
> anonymous read access to an rsync server, such as a public mirror, to
> execute arbitrary code on the machine the server is running on.

The researchers responsible for #1-#5 on that list have now published their
writeup in https://phrack.org/issues/72/11_md#article .
--
-Alan Coopersmith- alan.coopersm...@oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris