QNAP fixes six Rsync vulnerabilities in NAS backup, recovery app


    Karlston


    QNAP has fixed six rsync vulnerabilities that could let attackers gain remote code execution on unpatched Network Attached Storage (NAS) devices.

     

    Rsync is an open-source file synchronization tool that supports direct file syncing via its own daemon, transfers over SSH, and incremental transfers that save time and bandwidth.

     

    It's widely used by many backup solutions like Rclone, DeltaCopy, and ChronoSync, as well as in cloud and server management operations and public file distribution.

     

    The flaws are tracked as CVE-2024-12084 (heap buffer overflow), CVE-2024-12085 (information leak via uninitialized stack), CVE-2024-12086 (server leaks arbitrary client files), CVE-2024-12087 (path traversal via --inc-recursive option), CVE-2024-12088 (bypass of --safe-links option), and CVE-2024-12747 (symbolic link race condition).

     

    QNAP says they affect HBS 3 Hybrid Backup Sync 25.1.x, the company's data backup and disaster recovery solution, which supports local, remote, and cloud storage services.

     

    In a security advisory released on Thursday, QNAP said it addressed these vulnerabilities in HBS 3 Hybrid Backup Sync 25.1.4.952 and advised customers to update their software to the latest version.

     

    To update the Hybrid Backup Sync installation on your NAS device, you will have to:

     

    1. Log on to QTS or QuTS hero as an administrator.
    2. Open App Center and search for HBS 3 Hybrid Backup Sync.
    3. Wait for HBS 3 Hybrid Backup Sync to show up in the search results.
    4. Click Update and then OK in the follow-up confirmation message.

     

    These Rsync flaws can be combined into exploitation chains that lead to remote system compromise; attackers only require anonymous read access to a vulnerable server.

     

    "When combined, the first two vulnerabilities (heap buffer overflow and information leak) allow a client to execute arbitrary code on a device that has an Rsync server running," warned CERT/CC one week ago when rsync 3.4.0 was released with security fixes.

     

    "The client requires only anonymous read-access to the server, such as public mirrors. Additionally, attackers can take control of a malicious server and read/write arbitrary files of any connected client."

     

    A Shodan search shows more than 700,000 IP addresses with exposed rsync servers. However, it's unclear how many of them are vulnerable to attacks exploiting these security vulnerabilities since successful exploitation requires valid credentials or servers configured for anonymous connections.
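Since the chain above needs nothing more than anonymous read access, the first thing to check on an rsync daemon is which modules serve clients without `auth users`. The following audit script is an added example, not part of the article or of QNAP's software; the `rsyncd.conf` text it parses is constructed for the demo, and `anonymous_modules` is a hypothetical helper name.

```python
"""Report rsyncd.conf modules reachable without credentials (added example)."""
import configparser

# Constructed sample config, not a real deployment.
SAMPLE_RSYNCD_CONF = """\
uid = nobody
read only = yes

[mirror]
    path = /srv/mirror
    comment = public distro mirror

[backups]
    path = /srv/backups
    auth users = backup
    secrets file = /etc/rsyncd.secrets

[staging]
    path = /srv/staging
    hosts allow = 10.0.0.0/8
"""


def anonymous_modules(conf_text: str) -> list[str]:
    """Return module names that accept connections with no 'auth users'.

    rsyncd.conf is INI-like: keys before the first [module] are global
    defaults, so a global 'auth users' covers every module that does not
    override it. 'hosts allow' only filters source addresses and is not
    authentication, so such modules are still reported.
    """
    parser = configparser.ConfigParser(
        interpolation=None, delimiters=("=",), strict=False
    )
    # Strip indentation so configparser does not treat indented keys as
    # continuation lines, then hoist bare global keys under [global]
    # (rsync itself accepts an explicit [global] section; strict=False merges).
    flat = "\n".join(line.strip() for line in conf_text.splitlines())
    parser.read_string("[global]\n" + flat)
    global_auth = parser["global"].get("auth users", "").strip()
    exposed = []
    for module in parser.sections():
        if module == "global":
            continue
        if not parser[module].get("auth users", global_auth).strip():
            exposed.append(module)
    return exposed


if __name__ == "__main__":
    print("modules without auth users:", anonymous_modules(SAMPLE_RSYNCD_CONF))
```

Run it against `/etc/rsyncd.conf` on any host that exposes port 873; every module it lists is one where the CERT/CC precondition already holds.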

     


