Rsync path spoofing attack vulnerability (rsync 3.1.1 tested)

Gao,Jianfeng gaojianfeng at
Mon Dec 1 00:56:48 MST 2014


In the newest version of rsync (3.1.1), directly modifying the file path into an absolute path does not succeed in hijacking due to the security checks, but using symbolic links can still bypass the security checks and spoof the client.
A new bug I submitted:

Online test:
rsync -avvzP   /tmp/yaseng
