Rsync File Synchronization Tool Vulnerabilities

What are the Vulnerabilities?

Six security vulnerabilities have been disclosed in the popular Rsync tool, an open-source file synchronization and data transferring tool utilized for its ability to perform incremental transfers, reducing data transfer times and bandwidth usage. Several popular backup software such as Rclone, DeltaCopy, and ChronoSync use Rsync for file synchronization.

The vulnerabilities are present within versions 3.3.0 and below and includes heap-buffer overflow, information disclosure, file leak, external directory file-write, and symbolic-link race condition.

CVE-2024-12084- Heap-buffer overflow in Rsync due to improper checksum length handling
CVE-2024-12085- Information leak via uninitialized stack contents
CVE-2024-12086- Rsync server leaks arbitrary client files
CVE-2024-12087- Path traversal vulnerability in Rsync
CVE-2024-12088- Safe-links option bypass that leads to path traversal
CVE-2024-12747- Race condition in Rsync when handling symbolic links

CERT/CC also mentioned that an attacker could combine CVE-2024-12084 and CVE-2024-12085 to achieve arbitrary code execution on a client that has a Rsync server running. Read more at VU#952657

What is the recommended Mitigation?

Users are advised to apply the latest patches available at GitHub - RsyncProject

What FortiGuard Coverage is available?

• FortiGuard recommends users to apply the fix provided by the vendor and follow any mitigation as mentioned on VU#952657

• FortiGuard Endpoint Vulnerability Service is available to automatically detect vulnerable software installations of the Rsync Tool.
  -Endpoint Vulnerability | FortiGuard Labs

• FortiGuard IPS protection is being reviewed, and this Threat Signal will be updated accordingly as it becomes available.

• The FortiGuard Incident Response team can be engaged to help with any suspected compromise.