Rsync File Synchronization Tool Vulnerabilities

What are the Vulnerabilities?

Six security vulnerabilities have been disclosed in the popular Rsync tool, an open-source file synchronization and data transfer tool valued for its ability to perform incremental transfers, reducing transfer times and bandwidth usage. Several popular backup tools such as Rclone, DeltaCopy, and ChronoSync use Rsync for file synchronization. The vulnerabilities are present in versions 3.3.0 and below and include a heap-buffer overflow, information disclosure, a file leak, an external directory file-write, and a symbolic-link race condition.

CVE-2024-12084 - Heap-buffer overflow in Rsync due to improper checksum length handling
CVE-2024-12085 - Information leak via uninitialized stack contents
CVE-2024-12086 - Rsync server leaks arbitrary client files
CVE-2024-12087 - Path traversal vulnerability in Rsync
CVE-2024-12088 - Safe-links option bypass that leads to path traversal
CVE-2024-12747 - Race condition in Rsync when handling symbolic links

CERT/CC also mentioned that an attacker could combine CVE-2024-12084 and CVE-2024-12085 to achieve arbitrary code execution on a client that has an Rsync server running. Read more at VU#952657.

What is the recommended Mitigation?

Users are advised to apply the latest patches available at GitHub – RsyncProject.

What FortiGuard Coverage is available?

FortiGuard recommends that users apply the fix provided by the vendor and follow any mitigation mentioned in VU#952657.

FortiGuard protection is being reviewed, and this Threat Signal will be updated accordingly as it becomes available.

The FortiGuard Incident Response team can be engaged to help with any suspected compromise.