Message-ID: <Z4bNSOygmYgI602B@netmeister.org>
Date: Tue, 14 Jan 2025 15:47:04 -0500
From: Jan Schaumann <jschauma@...meister.org>
To: oss-security@...ts.openwall.com
Subject: Re: RSYNC: 6 vulnerabilities

Nick Tait <ntait@...hat.com> wrote:

> [1] Heap Buffer Overflow in Rsync due to Improper Checksum Length Handling
> 
> CVE ID: CVE-2024-12084
> 
> CVSS 3.1: 9.8 - AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
> 
> Description: A heap-based buffer overflow flaw was found in the rsync
> daemon. This issue is due to improper handling of attacker-controlled
> checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the
> fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the
> sum2 buffer.

Does anybody know if this issue is also present in the
code executing when you use SSH instead of rsyncd?

I'd expect the "rsync --server --sender" functionality
to possibly (likely?) share code here, but the current
description might lead folks to not consider this
scenario and only look for cases where they offer
rsyncd (e.g., port 873).

-Jan
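
The bounds problem described in the quoted advisory, as an added C sketch that is not part of this message and is not rsync source code. SUM_LENGTH, MAX_DIGEST_LEN, s2length and sum2 are the advisory's names; the value 64, the struct layout and all function names are assumptions made for illustration. It contrasts a length check bounded by the largest digest with one bounded by the destination buffer, and says nothing about which transports reach the affected code.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not rsync source. SUM_LENGTH, MAX_DIGEST_LEN, s2length
 * and sum2 are the names used in the advisory; the value 64 is an assumption. */
#define SUM_LENGTH     16
#define MAX_DIGEST_LEN 64
struct block_sum {
    uint32_t sum1;
    uint8_t  sum2[SUM_LENGTH];  /* fixed-size destination for the strong sum */
};

/* Weak check: bounds the peer-supplied length by the largest digest the
 * build supports, not by the buffer that receives it. */
static int s2length_ok_weak(int32_t s2length) {
    return s2length >= 0 && s2length <= MAX_DIGEST_LEN;
}

/* Hardened check: bound by the destination size itself. */
static int s2length_ok(int32_t s2length) {
    return s2length >= 0 && (size_t)s2length <= sizeof(((struct block_sum *)0)->sum2);
}

/* Bytes a copy of s2length bytes would write past the end of sum2. */
static size_t overrun_bytes(int32_t s2length) {
    return s2length > SUM_LENGTH ? (size_t)(s2length - SUM_LENGTH) : 0;
}

/* Copy one strong checksum from wire bytes; -1 if the length is rejected
 * or the input is shorter than the claimed length. */
static int read_block_sum(struct block_sum *out, const uint8_t *wire,
                          size_t wire_len, int32_t s2length) {
    if (!s2length_ok(s2length) || wire_len < (size_t)s2length)
        return -1;
    memset(out->sum2, 0, sizeof out->sum2);
    memcpy(out->sum2, wire, (size_t)s2length);
    return 0;
}

int main(void) {
    const int32_t lengths[] = { 16, 17, 64, -1 };  /* constructed inputs */
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("s2length=%d weak=%d hardened=%d overrun=%zu\n", (int)lengths[i],
               s2length_ok_weak(lengths[i]), s2length_ok(lengths[i]),
               overrun_bytes(lengths[i]));
    return 0;
}
```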
