Vulnerability in Rsync that allows files to be overwritten on the client side

A vulnerability (CVE-2022-29154) has been identified in rsync, a utility for file synchronization and backup, that allows arbitrary files in the target directory to be written or overwritten on the user's side when accessing an rsync server controlled by an attacker. Potentially, the attack can also be carried out by interfering (MITM) with the traffic between the client and a legitimate server. The issue is fixed in the Rsync 3.2.5pre1 test release.

The vulnerability resembles earlier problems in SCP and has the same cause: the server decides where the file being written goes, and the client does not properly check what the server returns against what was requested, which allows the server to write files that the client did not originally request. For example, if a user copies files into their home directory, the server can return files named .bash_aliases or .ssh/authorized_keys instead of the requested files, and they will be saved in the user's home directory.
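
The missing client-side check described above, sketched as an added example (not rsync's code and not its actual fix): every name the server offers is compared with what the client requested before anything is written. The function names, the simplified matching rules (shell-style globs per path component, names relative to the same root as the request) and the sample data are assumptions constructed for illustration.

```python
import fnmatch

def is_safe_relative(path):
    """Reject absolute paths and any empty, '.' or '..' component."""
    if path.startswith("/"):
        return False
    return all(part not in ("", ".", "..") for part in path.split("/"))

def component_matches(name, pattern):
    """Shell-style glob on one path component; wildcards skip dotfiles."""
    if name.startswith(".") and not pattern.startswith("."):
        return False
    return fnmatch.fnmatchcase(name, pattern)

def matches_request(path, requested):
    """True if path is a requested name/pattern or lies below a requested directory."""
    parts = path.split("/")
    for pattern in requested:
        pat_parts = pattern.rstrip("/").split("/")
        if len(parts) >= len(pat_parts) and all(
            component_matches(n, p) for n, p in zip(parts, pat_parts)
        ):
            return True
    return False

def vet_file_list(requested, offered):
    """Split the names a server offers into (accepted, rejected)."""
    accepted, rejected = [], []
    for path in offered:
        ok = is_safe_relative(path) and matches_request(path, requested)
        (accepted if ok else rejected).append(path)
    return accepted, rejected

# Constructed sample data: the client's request and a server's reply.
REQUESTED = ["report.txt", "docs", "*.log"]
OFFERED = [
    "report.txt", "docs/notes.md", "app.log",   # asked for
    ".bash_aliases", ".ssh/authorized_keys",     # never requested
    "../outside.txt", "/etc/cron.d/job",         # escapes the target directory
]

if __name__ == "__main__":
    accepted, rejected = vet_file_list(REQUESTED, OFFERED)
    print("write :", accepted)
    print("refuse:", rejected)
```
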

Source: opennet.ru
