CVE-2024-12084 is fun - unauth RCE in rsyncd, the server side version. 3.2.7 and < 3.4.0.
Apt-get upgrade time.
I don’t think there’s a public exploit, and unclear to me (as I’m a dum dum) if various mitigations would work to limit impact, e.g. compiler, ASLR, PIE, etc.
Comments
Not a Goat 🦝
@GossiTheDog Here's a link: https://kb.cert.org/vuls/id/952657 and another one https://www.openwall.com/lists/oss-security/2025/01/14/3