VU#952657: Rsync contains six vulnerabilities
Rsync, a file-synchronizing tool, has been found to contain six vulnerabilities in versions 3.3.0 and below. These vulnerabilities include heap-buffer overflow, information leak, file leak, external directory file-write, --safe-links bypass, and symbolic-link race condition. Rsync is widely used in backup programs and public mirrors to synchronize and distribute files efficiently across multiple servers. The discovered vulnerabilities can be exploited by attackers to execute arbitrary code, read and write arbitrary files, and extract sensitive data. The heap-buffer-overflow vulnerability can be triggered by an attacker-controlled checksum length, while the information leak vulnerability can be triggered by manipulating the checksum length. The file leak vulnerability can cause a server to leak the contents of arbitrary files from clients' machines. The --safe-links option vulnerability can lead to a path traversal vulnerability, allowing a server to write files outside of the client's intended destination directory. The symbolic-link race condition vulnerability can lead to privilege escalation, allowing a user to gain access to privileged files on affected servers. To address these vulnerabilities, users should apply the latest patches available and run updates on their software as soon as possible. The vulnerabilities were discovered by researchers at Google Cloud Vulnerability Research and Aleksei Gorban, and reported by Andrew Tridgell.