
Multiple Rsync Security Vulnerabilities Disclosed

Recent discussions around vulnerabilities in Rsync, a widely used file synchronization tool, have highlighted six critical and high-severity flaws that pose significant security risks. These vulnerabilities were disclosed on January 14, 2025, primarily by researchers from Google Cloud Vulnerability Research; the most severe issue has a CVSS score of 9.8.

Overview of Vulnerabilities

The vulnerabilities are as follows:

  • CVE-2024-12084: This is a heap buffer overflow vulnerability caused by improper handling of checksum lengths, allowing an attacker with anonymous read access to execute arbitrary code on the server. This flaw has the highest severity rating (CVSS 9.8).
  • CVE-2024-12085: An information leak vulnerability that allows attackers to access uninitialized stack data, potentially leaking sensitive information. It has a CVSS score of 7.5.
  • CVE-2024-12086: This flaw allows the leakage of arbitrary files from client machines when files are copied to the server. Its CVSS score is 6.1.
  • CVE-2024-12087: A path traversal vulnerability that could enable a server to write files outside the intended destination directory on the client’s machine (CVSS score: 6.5).
  • CVE-2024-12088: This vulnerability involves a failure to properly verify symbolic links, leading to unsafe file writes (CVSS score: 6.5).
  • CVE-2024-12747: A symbolic link race condition that can lead to privilege escalation (CVSS score: 5.6).

These vulnerabilities can be exploited by clients with anonymous read-only access to an Rsync server, including public mirrors, making them particularly concerning for systems that allow such configurations.

Potential Impact

The exploitation of these vulnerabilities could allow attackers to:

  • Execute arbitrary code on the Rsync server.
  • Access and leak sensitive data, such as SSH keys and other credentials.
  • Overwrite critical files on connected client machines, potentially compromising user environments and data integrity.

The CERT Coordination Center (CERT/CC) has emphasized that these vulnerabilities could be combined for more severe attacks, where an attacker could execute malicious code on a vulnerable Rsync server simply by having anonymous access.

Mitigation and Recommendations

Users of Rsync are strongly advised to upgrade to version 3.4.0, which addresses these vulnerabilities. For those unable to update immediately, it is recommended to restrict access to Rsync servers or configure them to require authentication instead of allowing anonymous connections.

In summary, the recent vulnerabilities in Rsync highlight critical security risks that can be exploited with minimal access requirements. Immediate action is necessary for users and administrators to protect their systems from potential attacks leveraging these flaws.
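One way to check a host against the upgrade and access-restriction recommendations, as an added example (not TMNSolutions' or the Rsync project's code): it compares `rsync --version` output with 3.4.0 and flags `rsyncd.conf` modules that accept anonymous or unrestricted clients. The function names and the sample configuration are constructed for illustration, and distribution packages with backported fixes may still report an older version string.

```python
import re

FIXED = (3, 4, 0)  # version the advisory says addresses the flaws
# rsyncd.conf parameter -> finding reported when it is unset for a module
CHECKS = {"auth users": "anonymous access: no 'auth users'",
          "hosts allow": "unrestricted clients: no 'hosts allow'"}

def is_patched(version_output):
    """True if `rsync --version` output reports 3.4.0 or later."""
    m = re.search(r"version\s+(\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError("no rsync version string found")
    return tuple(map(int, m.groups())) >= FIXED

def parse_rsyncd_conf(text):
    """Simplified parser: no line continuations or &include directives."""
    globals_, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())  # normalise name spacing
            (globals_ if current is None else current)[key] = value.strip()
    return globals_, modules

def audit(text):
    """Map each module name to a list of exposure findings."""
    globals_, modules = parse_rsyncd_conf(text)
    report = {}
    for name, params in modules.items():
        eff = {**globals_, **params}  # module settings override globals
        report[name] = [msg for key, msg in CHECKS.items() if not eff.get(key)]
    return report

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONF = """\
[mirror]
path = /srv/mirror
read only = yes
[backup]
path = /srv/backup
auth users = backupsvc
secrets file = /etc/rsyncd.secrets
hosts allow = 10.0.0.0/8
"""
```

Running `audit()` on the text of a daemon's `rsyncd.conf` returns an empty list for each module that sets both `auth users` and `hosts allow`.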

TMNSolutions Customer Notice

If your infrastructure is under our management, we’ve taken proactive steps to address these Rsync vulnerabilities:

  • All managed servers have been automatically patched
  • Security updates were deployed during scheduled maintenance windows
  • System integrity checks have been performed post-patch

Support Options

We’re here to help if you need additional information:

  • Email: nhut.tran@tmnsolutions.com
  • Phone: Your dedicated account manager’s direct line
  • Portal: Submit a ticket through our provided ticket management system

For detailed technical documentation or specific security reports regarding your infrastructure, please don’t hesitate to reach out to our technical team.