Kusagadzikana (CVE-2022-29154) kwakaonekwa mu rsync, chishandiso chekubatanidza faira uye backup, iyo inobvumira mafaera anopokana ari mudhairekitori rechinangwa kuti anyorwe kana kunyorwa padivi remushandisi kana awana rsync server inodzorwa neanorwisa. Zvichigona, kurwiswa kunogona kuitwa zvakare semhedzisiro yekukanganiswa (MITM) netraffic traffic pakati pemutengi uye sevha iri pamutemo. Nyaya inogadziriswa muRsync 3.2.5pre1 test release.
Kusagadzikana uku kunoyeuchidza nezvenyaya dzakapfuura muSCP uye zvakare kunokonzerwa neserver kuita sarudzo nezve nzvimbo yefaira kuti inyorwe, uye mutengi asingatarise nemazvo izvo zvinodzoserwa neseva nezvakakumbirwa, zvichibvumira sevha kuti inyore. nyora mafaira asina kukumbirwa pakutanga nemutengi. Semuenzaniso, kana mushandisi akakopa mafaera kudhairekitori repamba, sevha inogona kudzosa mafaira ane mazita .bash_aliases kana .ssh/authorized_keys panzvimbo yemafaira akumbirwa, uye anozochengetwa mudhairekitori repamba remushandisi.
Source: opennet.ru