Vulnerability in Rsync that allows files to be overwritten on the client side

A vulnerability (CVE-2022-29154) has been identified in rsync, a utility for file synchronization and backup, that allows arbitrary files in the target directory to be written or overwritten on the user's side when connecting to an rsync server controlled by an attacker. In theory, the attack can also be carried out by interfering (MITM) with transit traffic between the client and a legitimate server. The issue is fixed in the Rsync 3.2.5pre1 test release.

The vulnerability resembles earlier issues in SCP and has the same cause: the server decides where a file should be written, and the client does not properly compare what the server returns with what was requested, which allows the server to write files the client did not ask for. For example, if the user copies files into the home directory, the server can return files named .bash_aliases or .ssh/authorized_keys instead of the requested files, and they will be saved in the user's home directory.
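The missing client-side check described above, sketched as an added example (not rsync's own code or its actual fix): a simplified model in which every path the server announces must have a first component that matches the last component of a requested source argument. The function names and the sample lists are constructed for illustration.

```python
import fnmatch
import posixpath


def _covered(path, requested):
    """True if the first component of `path` matches a requested name."""
    first = path.split("/", 1)[0]
    for arg in requested:
        pattern = posixpath.basename(arg.rstrip("/"))
        # As in shell globbing, a wildcard must not silently match dotfiles.
        if first.startswith(".") and not pattern.startswith("."):
            continue
        if fnmatch.fnmatchcase(first, pattern):
            return True
    return False


def unrequested_entries(requested, received):
    """Return the server-announced paths that the request does not account for."""
    rejected = []
    for path in received:
        norm = posixpath.normpath(path)
        # Absolute paths and ".." components leave the destination directory.
        escapes = path.startswith("/") or norm == ".." or norm.startswith("../")
        if escapes or not _covered(norm, requested):
            rejected.append(path)
    return rejected


# Constructed sample: the client asked for two things, the server announced five.
REQUESTED = ["backup/report.txt", "backup/photos"]
RECEIVED = [
    "report.txt",
    "photos/2022/a.jpg",
    ".bash_aliases",
    ".ssh/authorized_keys",
    "photos/../../.profile",
]

if __name__ == "__main__":
    for name in unrequested_entries(REQUESTED, RECEIVED):
        print("refusing unrequested entry:", name)
```
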

Source: opennet.ru
