| |
Vulnerability CVE-2022-29154
Published: 2022-08-02
Description: |
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). |
References: |
http://www.openwall.com/lists/oss-security/2022/08/02/1
https://github.com/WayneD/rsync/tags
|
|
|
Copyright 2024, cxsecurity.com
|
|
|