Proof-of-Concept Exploits Released for RSync Vulnerabilities


Five vulnerabilities have been discovered within the RSync utility. RSync is a popular tool for transferring and synchronising files between different systems. RSync is commonly used in Unix-like operating systems.

  • CVE-2024-12084 is a ‘heap-based buffer overflow’ vulnerability, with a CVSSv3 score of 9.8. When used alongside CVE-2024-12085, attackers could gain remote code execution (RCE).
  • CVE-2024-12085 is an ‘improper restriction of operations within the bounds of a memory buffer’ vulnerability, with a CVSSv3 score of 7.5. When used alongside CVE-2024-12084, attackers could gain RCE.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • NSA Advocates Data Sharing Framework

    June 23, 2017

    The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...