Rsync Symlink Race Condition Vulnerability in Path-Based System Calls

Vulnerability

A symlink race condition vulnerability has been identified in Rsync versions prior to 3.4.3. This vulnerability exists in path-based system calls such as chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat. It allows local attackers to manipulate operations and redirect them to files outside the designated rsync module. Exploitation takes advantage of the timing difference between resolving file paths and executing system calls, enabling attackers to apply permissions, ownership, timestamps, or filenames from the sender to arbitrary files beyond the intended module boundaries on rsync daemons with 'use chroot = no' configured.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of file attributes, including permissions, ownership, and timestamps, on files outside the exported rsync module.

Remediation

Users are advised to update Rsync to version 3.4.3 or later. For rsync daemons, ensure that 'use chroot' is set to yes.
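
One way to check a daemon configuration for this setting, as an added example that is not part of the original advisory or the rsync project: the script below reads rsyncd.conf text and reports each module's effective 'use chroot' value, with a module's own setting overriding the global section. The sample configuration and function names are constructed for illustration; line continuations and &include/&merge directives are not handled.

```python
import re

TRUE = {"yes", "true", "1"}
FALSE = {"no", "false", "0"}

# Constructed sample rsyncd.conf (not taken from the advisory).
SAMPLE_CONF = """\
use chroot = no
uid = nobody

[backups]
    path = /srv/backups
    Use Chroot = yes

[public]
    path = /srv/public
"""

def norm(name):
    # Whitespace in parameter names is ignored; case is folded here as well.
    return re.sub(r"\s+", "", name).lower()

def audit_use_chroot(conf_text):
    """Map each module to its effective 'use chroot': yes, no, unset or invalid."""
    global_value = "unset"
    modules, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            name = header.group(1).strip()
            current = None if norm(name) == "global" else name
            if current is not None: modules.setdefault(current, None)
            continue
        name, sep, value = line.partition("=")
        if not sep or norm(name) != "usechroot":
            continue
        v = value.strip().lower()
        state = "yes" if v in TRUE else "no" if v in FALSE else "invalid"
        if current is None:
            global_value = state
        else:
            modules[current] = state
    return {m: (s if s is not None else global_value) for m, s in modules.items()}

def modules_needing_fix(conf_text):
    return sorted(m for m, s in audit_use_chroot(conf_text).items() if s != "yes")
```

Modules returned by modules_needing_fix are those without an explicit 'use chroot = yes' in effect, which is the state the remediation above asks for.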

Added: May 20, 2026, 3:00 AM
Updated: May 20, 2026, 3:00 AM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 2.5
exploitability: 3.1
remediation: 8.3
relevance: 8.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.