Alert GCSA-25006 - Multiple vulnerabilities in Rsync
******************************************************************
Alert ID: GCSA-25006
Date: 15 January 2025
Title: Multiple vulnerabilities in Rsync
******************************************************************
:: Problem description
Six vulnerabilities of varying severity have been identified in Rsync;
the most severe could allow remote execution of arbitrary code
by obtaining anonymous read access to the rsync server.
More information is available in the "References" section.
:: Affected software
Rsync versions earlier than 3.4.0
:: Impact
Remote Code Execution
Privilege Escalation
Information Disclosure
:: Solutions
Update the software to the latest version:
https://github.com/RsyncProject/rsync
https://download.samba.org/pub/rsync/src/
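A host check for the two conditions this alert names, a version earlier than 3.4.0 and anonymous access to the rsync server. It is an added example, not part of the GARR-CERT alert or of rsync project code; the function names and the sample configuration are constructed for illustration.

```shell
# Added example, not GARR-CERT or rsync project code. Function names are hypothetical.
# Caveat: a distribution package may carry backported fixes under an older version.

# Print the version number found on the first line of `rsync --version` output.
rsync_version() {
    printf '%s\n' "$1" | sed -n '1s/^rsync  *version  *v\{0,1\}\([0-9][0-9.]*\).*/\1/p'
}

# Exit 0 if version $1 is older than 3.4.0, 1 if it is not, 2 if unparsable.
is_affected() {
    case "$1" in ''|*[!0-9.]*) return 2 ;; esac
    printf '%s\n' "$1" | awk -F. '{ exit !(($1 * 1000000 + $2 * 1000 + $3) < 3004000) }'
}

# List rsyncd.conf modules with no "auth users" value, i.e. modules that accept
# anonymous connections. Reads file $1 or stdin; "&include" lines are not followed.
anon_modules() {
    awk '
        function emit() { if (mod != "" && !auth) print mod }
        /^[ \t]*#/ { next }
        /^[ \t]*\[/ {
            emit(); mod = $0
            sub(/^[ \t]*\[[ \t]*/, "", mod); sub(/[ \t]*\].*$/, "", mod)
            auth = gauth; next            # modules inherit the global default
        }
        /^[ \t]*auth[ \t]*users[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (mod == "") gauth = (v != ""); else auth = (v != "")
        }
        END { emit() }
    ' "${1:--}"
}

# Constructed sample daemon configuration (not taken from the advisory).
sample_conf() {
    cat <<'EOF'
uid = nobody
[mirror]
    path = /srv/mirror
[backup]
    path = /srv/backup
    auth users = backupuser
EOF
}

line='rsync  version 3.2.7  protocol version 31'   # constructed; use "$(rsync --version)"
v=$(rsync_version "$line")
if is_affected "$v"; then echo "rsync $v is older than 3.4.0: update"; fi
sample_conf | anon_modules | sed 's/^/anonymous module: /'
```

On a real host, pass the daemon's configuration file to `anon_modules` and treat every module it lists as reachable without credentials until rsync is updated.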
:: References
OpenWall.com:
https://www.openwall.com/lists/oss-security/2025/01/14/3
Deepin.org:
https://www.deepin.org/en/rsync-vulnerability-announcement/
CERT/CC:
https://kb.cert.org/vuls/id/952657
CIRCL:
https://vulnerability.circl.lu/bundle/d938dc28-6877-40db-ad5f-25f3051288e6
Mitre CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert