Over 660,000 Rsync servers exposed to code execution attacks
Over 660,000 exposed Rsync servers are potentially vulnerable to six new vulnerabilities, including a critical-severity heap-buffer overflow flaw that allows remote code execution on servers.
Rsync is an open-source file synchronization and data transferring tool valued for its ability to perform incremental transfers, reducing data transfer times and bandwidth usage.
It supports local file systems transfers, remote transfers over secure protocols like SSH, and direct file syncing via its own daemon.
The tool is utilized extensively by backup systems like Rclone, DeltaCopy, ChronoSync, public file distribution repositories, and cloud and server management operations.
The Rsync flaws were discovered by Google Cloud and independent security researchers and can be combined to create powerful exploitation chains that lead to remote system compromise.
"In the most severe CVE, an attacker only requires anonymous read access to a rsync server, such as a public mirror, to execute arbitrary code on the machine the server is running on," reads the bulletin published on Openwall.
