Vulnerability in rsync that lets a malicious server overwrite files on the client side

A vulnerability (CVE-2022-29154) has been identified in rsync, the file synchronization and backup utility. It allows an attacker who controls the rsync server a user connects to write or overwrite arbitrary files inside the destination directory on the client side. The attack could potentially also be carried out by a man-in-the-middle (MITM) on the traffic between client and server, which is realistic when the unencrypted rsync daemon protocol is used rather than an SSH transport. The issue was fixed in the test release rsync 3.2.5pre1; the stable 3.2.5 release carries the fix and adds a --trust-sender option that disables the new checks for compatibility with senders that need the old behaviour.

The vulnerability resembles earlier problems in SCP: the sending side decides which file names are written, and the client never verified that what the server returned matched what was requested. A malicious server can therefore add files to the transfer that the client never asked for. For example, if a user pulls files from the server into their home directory, the server can return entries named .bash_aliases or .ssh/authorized_keys in place of (or alongside) the requested files, and the client saves them in the user's home directory, where the first is executed by the next interactive shell and the second grants the attacker SSH access.
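The failure mode described above is easiest to see in a small model of the client's receive loop. The example below is added here and is not rsync's own code: it compares a client that trusts whatever file list the sender returns (the pre-3.2.5 behaviour) with one that only accepts entries whose top-level name matches something the user actually requested. The request, the malicious file list, and the assumption that, without --relative, the top-level name of each transferred entry is the last component of the requested argument are all constructed for this illustration.

```python
"""Toy model of the client-side file-list check missing before rsync 3.2.5
(CVE-2022-29154).  Added example, not rsync's own code.

The client asks the sender for some names (wildcards allowed).  The sender
answers with a file list that it builds itself.  A client that trusts the
sender writes every listed entry into the destination directory; a hardened
client accepts only entries whose top-level name was actually requested.
"""
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# Constructed sample: what the user asked for, e.g. `rsync host:'*.pdf' host:photos/ ~/`
REQUESTED = ["*.pdf", "photos/"]

# Constructed sample: the file list a malicious sender could return.
RECEIVED = [
    "report.pdf",
    "photos/2022/holiday.jpg",
    ".bash_aliases",            # unrequested: sourced by the next interactive shell
    ".ssh/authorized_keys",     # unrequested: grants the attacker SSH access
    "../.profile",              # escapes the destination directory outright
    "/etc/cron.d/backdoor",     # absolute path, never legitimate in a file list
]


def requested_patterns(requested):
    """Top-level names the sender is allowed to transfer.

    Modelling assumption: without --relative, the top-level name of a
    transferred entry is the last component of the requested argument, so
    'photos/' becomes 'photos' and a wildcard such as '*.pdf' is kept as-is.
    """
    return [PurePosixPath(r).name for r in requested]


def filter_file_list(requested, received, trust_sender=False):
    """Split a sender-supplied file list into (accepted, rejected).

    trust_sender=True  models the old behaviour (and rsync 3.2.5's
                       --trust-sender flag): any well-formed relative name
                       is written to the destination.
    trust_sender=False models the hardened check: the first path component
                       must match one of the requested names or patterns.
    """
    patterns = requested_patterns(requested)
    accepted, rejected = [], []
    for name in received:
        path = PurePosixPath(name)
        # Names that cannot lie inside the destination are rejected in both
        # modes.  (Assumed for this model; rsync's own path sanitising is not
        # reproduced here.)
        if path.is_absolute() or ".." in path.parts or not path.parts:
            rejected.append(name)
            continue
        top = path.parts[0]
        if trust_sender or any(fnmatchcase(top, p) for p in patterns):
            accepted.append(name)
        else:
            rejected.append(name)
    return accepted, rejected


if __name__ == "__main__":
    for mode in (True, False):
        acc, rej = filter_file_list(REQUESTED, RECEIVED, trust_sender=mode)
        print(f"trust_sender={mode}")
        print("  written :", acc)
        print("  refused :", rej)
```

With trust_sender=True the client writes .bash_aliases and .ssh/authorized_keys into the destination even though neither was requested; with the check enabled only report.pdf and the entry under photos/ survive. The real fix in rsync 3.2.5 performs this kind of top-level-name matching inside the receiver, which is why --trust-sender should only be used with a sender you already control.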

source: budenet.ru
