ALAS2-2022-1873 --- rsyncID: oval:org.secpod.oval:def:1701055 | Date: (C)2022-11-10 (M)2023-12-07 |
Class: PATCH | Family: unix |
A flaw was found in rsync that is triggered by a victim rsync user/client connecting to a malicious rsync server. The server can copy and overwrite arbitrary files in the client's rsync target directory and subdirectories. This flaw allows a malicious server, or in some cases, another attacker who performs a man-in-the-middle attack, to potentially overwrite sensitive files on the client machine, resulting in further exploitation