Nasty Rsync Vulnerability


Posted

in


The rsync page has noted that an obscure vulnerability in some rsync installations combined with a vulnerability in the Linux kernel can equal a pretty nasty exploit:

The rsync team has received evidence that a vulnerability in rsync was recently used in combination with a Linux kernel vulnerability to compromise the security of a public rsync server. While the forensic evidence we have is incomplete, we have pieced together the most likely way that this attack was conducted and we are releasing this advisory as a result of our investigations to date.

Newsforge points to more coverage by secunia.com.  Thanks for the heads up, Jim.