Rsync Vulnerability
Found this article on a Rysnc exploit and was wondering if/when cPanel will be providing an update for this. Or is it something I shouldn't be concerned with on the cPanel platform itself? I believe cPanel backup uses Rsync to backup files correct? I could try updating to the correct version myself but thought I'd see if that is something that should be done on your end.
When checking my version on the server I am seeing this version:
# rsync --version | head -n 1
rsync version 3.1.3 protocol version 31
# rpm -q rsync
rsync-3.1.3-20.el8_10.x86_64
-
Hey there! Unfortunately this one isn't up to cPanel as rsync is handled by the operating system. At this time, neither RedHat nor AlmaLinux has patched this issue. Ubuntu released a patch 2 days ago to resolve this:
https://ubuntu.com/blog/rsync-remote-code-execution
but at this time waiting for the OSs to patch it is the best plan.
If you block port 873 and 8873 on your system that would also mitigate any issues, although that would keep rsync from functioning, as expected. The only issue that could be related to cPanel with this work is if you have a remote rsync backup destination - any local backups wouldn't be vulnerable as this requires something external to the machine to be exploited.
1 -
cPRex, thanks for your reply. I will wait for Almalinux to patch it. I do have port 873 blocked for both tcp in and out but didn't know about port 8873. Also the only backup I have in place is weekly for all accounts on server to a backup drive on the same server. Am I correct in assuming then I needn't be worried based on your comment that local backups won't be vulnerable? If so, I will remove the port blocks to ensure my backups still continue. Thanks again for the clarification.
0 -
That's correct - if you have those closed you're all set!
1 -
Okay thanks!
0
Please sign in to leave a comment.
Comments
4 comments