Gao,Jianfeng
2014-Dec-01 07:56 UTC
Rsync path spoofing attack vulnerability (rsync 3.1.1 tested)
Hi:
In the newest version of rsync (3.1.1), directly modifying the file path into an absolute
path does not succeed in hijacking due to the security checks, but using symbolic links
can still bypass the security checks and spoof the client.
I submitted a new bug: https://bugzilla.samba.org/show_bug.cgi?id=10977
Online test:
rsync -avvzP 106.185.33.114::yaseng /tmp/yaseng
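
The message above distinguishes a check on the path string from what a path resolves to once a symbolic link is involved. The following is an added example of that distinction, not part of the original post and not rsync's own code. The function names, directory layout and file names are constructed, and POSIX symlinks are assumed.

```python
import os
import tempfile


def lexically_safe(rel_path):
    """String-only check: reject absolute paths and '..' components."""
    if os.path.isabs(rel_path):
        return False
    return ".." not in rel_path.split("/")


def resolves_inside(dest_root, rel_path):
    """Resolve symlinks on disk, then confirm the result stays under dest_root."""
    root = os.path.realpath(dest_root)
    target = os.path.realpath(os.path.join(root, rel_path))
    return os.path.commonpath([root, target]) == root


def audit(dest_root, rel_paths):
    """Return names that pass the string check yet land outside dest_root."""
    return [p for p in rel_paths
            if lexically_safe(p) and not resolves_inside(dest_root, p)]


def demo():
    # Constructed layout: dest/ is the sync target, outside/ is unrelated.
    base = tempfile.mkdtemp()
    dest = os.path.join(base, "dest")
    outside = os.path.join(base, "outside")
    os.makedirs(os.path.join(dest, "docs"))
    os.makedirs(outside)
    # A symlink that lives inside the destination but points out of it.
    os.symlink(outside, os.path.join(dest, "link"))
    # Constructed file-list names, as a receiver might be handed them.
    names = ["docs/readme.txt", "link/notes.txt", "/etc/passwd", "../x"]
    return audit(dest, names)


if __name__ == "__main__":
    # Only the symlink-routed name slips past the string check.
    print(demo())
```

Running `audit` over a destination tree after a transfer from an untrusted server lists the names that need a closer look. The absolute and `..` names never reach it because the string check already rejects them.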