Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

ASA-202501-1 - log back

ASA-202501-1 edited at 14 Jan 2025 21:55:59

ASA-202501-1 edited at 14 Jan 2025 21:39:53

Impact

+	A remote attacker is able to execute arbitrary code on a device that has an Rsync server running. The client requires only anonymous read-access to the server, such as public mirrors.
+	Additionally, attackers can take control of a malicious server and read/write arbitrary files of any connected client. Sensitive data, such as OpenPGP and SSH keys, can be extracted, and malicious code can be executed by overwriting files such as ~/.bashrc or ~/.popt.

ASA-202501-1 created at 14 Jan 2025 21:37:18