Linux Rsync File Transfer Tool Vulnerability Let Attackers Execute Arbitrary Code


Security researchers have uncovered six critical vulnerabilities in rsync, a widely used file synchronization and transfer tool for Linux systems. The most severe flaw could allow attackers to execute arbitrary code on machines running rsync servers with just anonymous read access.

Two independent research teams, including members of Google Cloud Vulnerability Research, identified the vulnerabilities. The issues affect all rsync versions prior to 3.4.0, which was released on January 14, 2025, to patch these security holes.

Rsync File Transfer Tool Vulnerability

The most critical vulnerability, CVE-2024-12084, received a CVSS score of 9.8 out of 10, indicating its extreme severity. This heap-based buffer overflow flaw in the rsync daemon stems from improper handling of attacker-controlled checksum lengths.

Exploiting this vulnerability could allow malicious actors to write beyond the intended memory boundaries, potentially leading to code execution.

Another significant issue, CVE-2024-12085, enables information leakage by manipulating checksum lengths to force comparisons between checksums and uninitialized memory. This could result in the exposure of sensitive data one byte at a time.

CVE-2024-12086 allows malicious rsync servers to potentially reconstruct the contents of arbitrary files on client machines by exploiting the file comparison process during transfers.

The remaining vulnerabilities include a path traversal flaw (CVE-2024-12087), a bypass of the --safe-links option leading to unauthorized file writes (CVE-2024-12088), and a race condition in handling symbolic links that could lead to privilege escalation (CVE-2024-12747).

These vulnerabilities are particularly concerning, given rsync’s widespread use in backup systems, software distribution, and public mirrors. Many popular tools and services, including Rclone, DeltaCopy, and ChronoSync, rely on rsync as a backend.

Security experts strongly urge all rsync users to update to version 3.4.0 immediately. For those unable to update promptly, temporary mitigation measures include disabling checksum options on rsync servers by adding “refuse options = checksum” to the configuration file.
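A small audit script for the two remedies just described, the 3.4.0 update and the interim "refuse options = checksum" setting; it is an added example, not code from the article or from the rsync project, and it assumes rsync is on PATH and that the daemon's configuration is /etc/rsyncd.conf (overridable as the first argument).

```shell
# Added example, not code from the article or the rsync project: audit a host
# against the two remedies above (the 3.4.0 fix and the interim "refuse
# options" mitigation). Assumes rsync is on PATH and that the daemon reads
# /etc/rsyncd.conf; both are assumptions, and the path can be given as $1.

# True (exit 0) when a version string such as 3.2.7 is older than 3.4.0.
rsync_version_affected() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    maj=${1#v}; min=${2:-0}; min=${min%%[!0-9]*}   # tolerate "v3.3.0", "3.3rc1"
    [ "${maj:-0}" -lt 3 ] || { [ "${maj:-0}" -eq 3 ] && [ "${min:-0}" -lt 4 ]; }
}

# True (exit 0) when the rsyncd.conf given as $1 refuses "checksum" for every
# module: a "refuse options" line naming it in the global section, or one in
# each [module]. Only the exact option name is matched, not refuse wildcards.
rsyncd_conf_refuses_checksum() {
    awk '
        /^[ \t]*#/  { next }                            # comment line
        /^[ \t]*\[/ { nmod++; inmod = 1; next }         # [module] header
        tolower($0) ~ /^[ \t]*refuse[ \t]*options[ \t]*=/ {
            val = $0; sub(/^[^=]*=/, "", val)           # value after "="
            n = split(val, opts, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (opts[i] == "checksum") {
                    if (inmod) covered[nmod] = 1; else global = 1
                }
        }
        END {
            if (global) exit 0
            if (nmod == 0) exit 1
            for (m = 1; m <= nmod; m++) if (!covered[m]) exit 1
            exit 0
        }' "$1"
}

# Check the local host: returns 1 while anything still needs attention.
audit_rsync_host() {
    conf=${1:-/etc/rsyncd.conf}
    ver=$(rsync --version 2>/dev/null | awk 'NR == 1 { print $3 }')
    [ -n "$ver" ] || { echo "rsync not found on PATH"; return 0; }
    rsync_version_affected "$ver" || { echo "rsync $ver is 3.4.0 or newer"; return 0; }
    echo "rsync $ver is older than 3.4.0: update"
    if [ -r "$conf" ] && rsyncd_conf_refuses_checksum "$conf"; then
        echo "interim mitigation present: checksum refused in $conf"
    else
        echo "no 'refuse options = checksum' covering every module in $conf"
    fi
    return 1
}
```

Source the file and call `audit_rsync_host` (or `audit_rsync_host /path/to/rsyncd.conf`); a non-zero return means the host is still on an affected version without the checksum option refused for all modules.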

The discovery of these vulnerabilities highlights the importance of regular security audits and prompt patching, even for long-standing and widely trusted tools like rsync.

As cyber threats continue to evolve, maintaining up-to-date and secure systems remains crucial for protecting sensitive data and preventing unauthorized access.
