alt.hn

1/17/2025 at 9:12:41 AM

Over 660k Rsync servers exposed to code execution attacks

https://www.bleepingcomputer.com/news/security/over-660-000-rsync-servers-exposed-to-code-execution-attacks/

by nimar

1/17/2025 at 10:17:16 AM

I was surprised to see this not discussed previously, as it can have rather big ramifications also for home server hosters etc. (if not behind a VPN).

by nimar

1/17/2025 at 12:26:17 PM

There's something I am missing here. I sync my servers with rsync, but it is over ssh - is this still vulnerable?

by martinbaun

1/17/2025 at 2:00:29 PM

If you explicitly use "-e ssh" and don't run a daemon, then these probably don't affect you.

If you don't specify that protocol, though, you have three scenarios:

1. only the local host has the rsync binary
2. both local and remote hosts have the binary, but neither runs them as a daemon
3. both have the binary and the remote runs as the daemon

In #1 you end up using SSH anyway (unless there's also no SSH binary). In #2, a malicious server binary could attack you. In #3, a malicious server binary could attack you.

Also, many of rsync's features rely upon both sides having the binary.

by aesh2Xa1
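An added shell example, not part of the thread: it classifies an rsync target string by the transport rsync would choose for it, so the "is my command affected" question above can be answered per command line rather than per setup. It relies on rsync's documented target syntax (a single colon means a remote shell, a double colon or an rsync:// URL means the daemon protocol on TCP 873); the host names in the comments and tests are constructed.

```shell
# classify_rsync_target TARGET
# Prints the transport rsync selects for TARGET:
#   local  - plain filesystem path, nothing leaves the machine
#   shell  - host:path, tunnelled over a remote shell (ssh by default,
#            or whatever -e / RSYNC_RSH names)
#   daemon - host::module or rsync://host/module, the rsync daemon
#            protocol on TCP 873 with no ssh involved
classify_rsync_target() {
    target=$1
    case $target in
        rsync://*) echo daemon; return ;;
    esac
    # Split off the host part. IPv6 literals are bracketed, e.g. [::1]::module,
    # so the brackets must be consumed before looking for the first colon.
    case $target in
        \[*\]*) host=${target%%\]*}\]; rest=${target#"$host"} ;;
        *)      host=${target%%:*};    rest=${target#"$host"} ;;
    esac
    case $host in
        */*) echo local; return ;;   # a slash before the first colon: local path such as ./a:b
    esac
    case $rest in
        ::*) echo daemon ;;          # host::module
        :*)  echo shell ;;           # host:path
        *)   echo local ;;           # no colon at all
    esac
}

# uses_rsync_daemon TARGET
# Exit 0 when TARGET would speak the daemon protocol, i.e. the case where
# "use -e ssh" offers no protection because ssh is not in the path at all.
uses_rsync_daemon() {
    [ "$(classify_rsync_target "$1")" = daemon ]
}

# Constructed targets for a quick run:
for t in 'backup.example.org::data' 'user@backup.example.org:/srv/data' '/var/backups'; do
    printf '%-40s %s\n' "$t" "$(classify_rsync_target "$t")"
done
```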

1/17/2025 at 5:53:02 PM

Wow, thank you - this is exactly what I didn't get. You explained it super well.

I am number 2, and so I guess it won't affect me as long as the fingerprint doesn't change to a malicious server that has taken over an IP.

by martinbaun