A vulnerability in Rsync that allows files to be overwritten on the client side

A vulnerability (CVE-2022-29154) has been identified in rsync, a utility for file synchronization and backup, that allows arbitrary files in the target directory to be written or overwritten on the user's side when accessing an rsync server controlled by an attacker. Potentially, the attack can also be carried out by interfering (MITM) with transit traffic between the client and a legitimate server. The issue is fixed in the Rsync 3.2.5pre1 test release.

The vulnerability is reminiscent of past issues in SCP. It arises because the server decides the location of the file to be written, and the client does not properly check what the server returns against what was requested, which allows the server to write files that the client did not originally request. For example, if the user copies files into the home directory, the server can return files named .bash_aliases or .ssh/authorized_keys instead of the requested files, and they will be saved in the user's home directory.
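A simplified model of the client-side check described above, added here as an illustration (it is not rsync's code or its actual patch): each name in the server's file list is compared against what the client requested. The function names and the sample lists are constructed for this example.

```python
import fnmatch
import posixpath

def allowed_patterns(requested_args):
    """Top-level names the client expects, derived from its source arguments."""
    patterns = []
    for arg in requested_args:
        # "dir/" or "." means "contents of dir": any top-level name is expected,
        # so this check cannot narrow anything for such requests.
        if arg.endswith("/") or arg in (".", ""):
            patterns.append("*")
        else:
            patterns.append(posixpath.basename(arg))
    return patterns

def unrequested_names(requested_args, received_names):
    """Return server-supplied names that do not correspond to any request."""
    patterns = allowed_patterns(requested_args)
    rejected = []
    for raw in received_names:
        name = posixpath.normpath(raw)
        # Absolute paths and paths climbing out of the destination are never valid.
        if name.startswith("/") or name == ".." or name.startswith("../"):
            rejected.append(raw)
            continue
        # Compare only the first component: "x/y" is acceptable if "x" was requested.
        first = name.split("/", 1)[0]
        if not any(fnmatch.fnmatchcase(first, p) for p in patterns):
            rejected.append(raw)
    return rejected

# Constructed sample: what the client asked for, and a file list from a hostile server.
REQUESTED = ["reports/*.csv", "notes.txt"]
RECEIVED = ["q1.csv", "notes.txt", ".bash_aliases", ".ssh/authorized_keys",
            "q1.csv/../.profile", "../outside.csv"]

if __name__ == "__main__":
    for name in unrequested_names(REQUESTED, RECEIVED):
        print("refusing unrequested entry:", name)
```

When the request is for the whole contents of a directory, every top-level name is expected and a check of this kind can only reject paths that leave the destination.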

Source: opennet.ru
