This blog was co-written by Jon Hart and Shan Sikdar.

Rsync is primarily a utility for synchronizing files between systems in an efficient manner. It is frequently used for archival and backup purposes as well as for data distribution and sharing. Rsync can also operate in a daemon mode, in which it listens on port 873/TCP. In the remainder of this research, when we refer to rsync, we mean rsync operating in daemon mode unless otherwise noted. Rapid7 Labs recently decided to take a fresh look at rsync, this time focusing on its exposure globally on the public internet.

Deploying rsync in daemon mode is tricky from a security perspective, as history has shown and as our research helps to confirm. The primary focus of this research was to understand more about what is exposing rsync, including anything that could speak to the security of these instances, with the goal being outreach, education, and security awareness. Analysis of the data collected about exposed rsync instances on the public internet resulted in a variety of findings; some were expected, some were not.

In daemon mode, rsync organizes files using modules, which are just symbolic names and descriptions that point to a specific directory reachable by the user running the rsync daemon. As an example of what a client sees at the module level, when we look at the rsync instance used to distribute rsync itself, we see eight modules presented after a brief greeting or "message of the day," as seen below:

The rsync daemon has had a variety of security capabilities layered in since its original release in 1996, including host- and file-level ACLs, chroot, and the ability to prevent a module from showing up in the listing, such as in the example above. Note that hiding a module from the listing is not an access control: a client that already knows the module name can still connect to it. Rsync can also require authentication at varying stages of the process, which is achieved with a 128-bit challenge-response system based on MD4 (MD5 with protocol 30 and later clients), but it does not natively encrypt any of the data transferred over the rsync connection. The usual workaround to this shortcoming is to use Secure Shell (SSH) to carry the rsync session rather than exposing the daemon directly, which mitigates most of the risk we are discussing. Rsync has had eight CVEs assigned to it at last count, the most severe of which are access-control bypass problems similar to CVE-2017-17433. A different, more fundamental class of vulnerabilities has existed since the original release of rsync.
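The daemon-side controls named above (host ACLs, chroot, hiding a module from the listing, per-module authentication, read-only modules) are all rsyncd.conf directives, and a module that sets none of them is what an anonymous internet-wide scan will find. The following audit script is an added example written for this page; it is not code from the original post or from the rsync project. It parses a small rsyncd.conf, applies the global section as defaults the way rsync does, and flags each module that is listable, anonymous, writable, un-chrooted or reachable from any address. The configuration text, the module names and the function names (`parse_rsyncd_conf`, `audit_module`, `audit`) are all constructed for the example.

```python
"""Audit an rsyncd.conf for the daemon-mode weaknesses discussed above.

Constructed example: the config below is made up for illustration, with one
careless module ([backups]) and one tightened-up module ([distfiles]).
"""
import re

SAMPLE_CONF = """\
# global section: values here are defaults for every module
pid file = /var/run/rsyncd.pid
use chroot = yes
read only = yes

[backups]
    path = /srv/backups
    comment = Nightly backups
    read only = no
    use chroot = no

[distfiles]
    path = /srv/dist
    comment = Release tarballs
    list = no
    hosts allow = 10.0.0.0/8
    auth users = mirror
    secrets file = /etc/rsyncd.secrets
"""

SECTION_RE = re.compile(r"^\s*\[(?P<name>[^\]]+)\]\s*$")
KV_RE = re.compile(r"^\s*(?P<key>[^=#]+?)\s*=\s*(?P<value>.*?)\s*$")
TRUE_WORDS = {"yes", "true", "1"}


def parse_rsyncd_conf(text):
    """Return (global_params, {module_name: params}).

    Keys are lowercased and whitespace-trimmed. Comment lines (# or ;),
    blank lines and trailing-backslash continuations are handled, which is
    the basic syntax rsyncd.conf(5) describes. A repeated key is overwritten
    by the later occurrence.
    """
    global_params, modules = {}, {}
    current = global_params
    pending = ""
    for raw in text.splitlines():
        line = pending + raw
        pending = ""
        if line.endswith("\\"):          # line continuation
            pending = line[:-1]
            continue
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = modules.setdefault(m.group("name").strip(), {})
            continue
        m = KV_RE.match(line)
        if m:
            current[m.group("key").lower()] = m.group("value")
    return global_params, modules


def _is_true(params, key, default):
    """rsync accepts yes/no, true/false and 1/0 for boolean parameters."""
    return params.get(key, default).strip().lower() in TRUE_WORDS


def audit_module(params, global_params):
    """Return the list of weaknesses for one module, globals applied as defaults."""
    eff = dict(global_params)
    eff.update(params)
    findings = []
    if "hosts allow" not in eff:
        findings.append("reachable from any source address (no 'hosts allow')")
    if "auth users" not in eff:
        findings.append("anonymous access (no 'auth users')")
    if _is_true(eff, "list", "yes"):     # rsync lists modules by default
        findings.append("appears in the module listing ('list = yes', the default)")
    if not _is_true(eff, "read only", "yes"):
        findings.append("writable ('read only = no')")
    # An explicit 'use chroot = no' is what we want to catch; an unset value
    # is treated as the conservative 'yes' here (assumption for the example).
    if not _is_true(eff, "use chroot", "yes"):
        findings.append("not chrooted ('use chroot = no')")
    return findings


def audit(text):
    """Map every module in the config to its list of findings."""
    global_params, modules = parse_rsyncd_conf(text)
    return {name: audit_module(p, global_params) for name, p in modules.items()}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONF).items():
        print(f"[{name}] {'WEAK' if findings else 'ok'}")
        for finding in findings:
            print("   -", finding)
```

Run against the constructed config, `[backups]` collects five findings and `[distfiles]` none, which is the difference between a module that any scanner can enumerate and write to and one that is invisible to `#list`, limited to one network, and authenticated. Even the tightened module still sends its file contents in the clear on 873/TCP, which is why the page recommends carrying the session over SSH when the data is not meant to be public.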