Vigil@nce - rsync: file not synchronized via MD5 collisions
July 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can trigger MD5 collisions in rsync, in order to
prevent file synchronization.
Impacted products: Unix (platform)
Severity: 1/4
Creation date: 28/07/2014
DESCRIPTION OF THE VULNERABILITY
The rsync tool is is used to synchronize files between hosts.
Files to be transfered are recognized by a MD5 hash change.
However, a local attacker can alter a file that keeps its MD5
fingerprint.
A local attacker can therefore trigger MD5 collisions in rsync, in
order to prevent file synchronization.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/rsync-file-not-synchronized-via-MD5-collisions-15103