Rsync path spoofing attack vulnerability (rsync 3.1.1 tested)
Gao,Jianfeng
gaojianfeng at baidu.com
Mon Dec 1 00:56:48 MST 2014
Hi:
In the newest version of rsync (3.1.1), directly modifying the file path into an absolute path does not succeed as a hijack, because of the security checks, but symbolic links can still be used to bypass the security checks and spoof the client.
A new bug I submitted: https://bugzilla.samba.org/show_bug.cgi?id=10977
Online test:
rsync -avvzP 106.185.33.114::yaseng /tmp/yaseng
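
Added example, not part of the original post and not rsync project code: a client-side audit that lists every symbolic link under a pull destination whose target resolves outside that destination, which is the kind of path the report says can slip past the checks. The names audit_tree and build_sample and the sample tree are constructed for illustration.

```python
import os
import tempfile


def audit_tree(root):
    """Return sorted (relative_path, resolved_target) pairs for every
    symlink under root whose target resolves outside root."""
    root_real = os.path.realpath(root)
    findings = []
    # followlinks=False: symlinked directories are listed but never entered,
    # so the walk itself cannot be led out of the destination.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            # commonpath compares whole components, so /tmp/dest2 is not
            # mistaken for a child of /tmp/dest.
            if os.path.commonpath([root_real, target]) != root_real:
                findings.append((os.path.relpath(path, root), target))
    return sorted(findings)


def build_sample():
    """Constructed sample: a destination with one link that stays inside
    and two that escape (one relative, one absolute)."""
    base = os.path.realpath(tempfile.mkdtemp(prefix="rsync-audit-"))
    dest = os.path.join(base, "dest")
    outside = os.path.join(base, "outside")
    os.makedirs(os.path.join(dest, "data"))
    os.makedirs(outside)
    open(os.path.join(dest, "data", "a.txt"), "w").close()
    os.symlink("data/a.txt", os.path.join(dest, "ok_link"))
    os.symlink("../outside", os.path.join(dest, "escape_rel"))
    os.symlink(outside, os.path.join(dest, "data", "escape_abs"))
    return dest, outside


if __name__ == "__main__":
    dest, _ = build_sample()
    for rel, target in audit_tree(dest):
        print(f"ESCAPES {rel} -> {target}")
```

Run it against the destination directory of a pull from a module you do not control, before anything else reads or writes through that tree.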