Debian rsync Vulnerabilities Lead to Privilege Escalation and DoS Risks
Severity: Medium (Score: 57.8)
Sources: Linuxsecurity
Published: · Updated:
Keywords: rsync, local, escalation, debian, denial, service, privilege
Severity indicators: critical
Summary
Multiple vulnerabilities were identified in the rsync tool, affecting Debian 11 (bullseye), Debian 12 (bookworm), and Debian 13 (trixie). These vulnerabilities could lead to local privilege escalation, denial of service, and remote memory disclosure. For Debian 11, the issues were addressed in version 3.2.3-4+deb11u4, while Debian 12 and 13 received updates in versions 3.2.7-1+deb12u5 and 3.4.1+ds1-5+deb13u3, respectively. Users are advised to upgrade their rsync packages to mitigate these risks. The vulnerabilities affect systems running these Debian versions and could be exploited by authenticated users. Detailed security advisories are available for further guidance on applying the updates. Key Points: • Critical vulnerabilities in rsync affect Debian 11, 12, and 13 distributions. • Issues include local privilege escalation, denial of service, and remote memory disclosure. • Users are urged to upgrade rsync to the latest patched versions immediately.
Detailed Analysis
**Impact** Users of Debian 11 (bullseye), Debian oldstable (bookworm), and stable (trixie) distributions are affected by vulnerabilities in the rsync tool. These vulnerabilities allow local privilege escalation, denial of service, bypass of access restrictions, and remote memory disclosure, potentially impacting system integrity and availability. The scope includes any environment running vulnerable rsync versions, with no specific sectors or geographies detailed. Data at risk includes any files or system resources accessible via compromised rsync instances. **Technical Details** The vulnerabilities affect rsync versions prior to 3.2.3-4+deb11u4 for Debian 11, 3.2.7-1+deb12u5 for bookworm, and 3.4.1+ds1-5+deb13u3 for trixie. Attack vectors include local exploitation for privilege escalation and denial of service, as well as remote memory disclosure to authenticated daemon peers. No CVE identifiers or specific malware/tools are mentioned. The attack occurs at the post-exploitation and lateral movement stages of the kill chain. No indicators of compromise (IOCs) are provided. **Recommended Response** Apply the updated rsync packages immediately: version 3.2.3-4+deb11u4 for Debian 11, 3.2.7-1+deb12u5 for bookworm, and 3.4.1+ds1-5+deb13u3 for trixie. Monitor rsync daemon logs for unusual activity and restrict access to rsync services to trusted users only. Harden system configurations to limit local user privileges where possible. No additional detection signatures or IOCs are available at this time.
Source articles (2)
- Debian 11 rsync Critical Local Escalation Denial of Service DLA-4591 — Linuxsecurity · 2026-05-20
Several vulnerabilities were discovered in rsync, a fast, versatile, remote (and local) file-copying tool, which may result in local privilege escalation, bypass of intended access restrictions, remot… - Debian rsync Important Privilege Escalation Denial of Service DSA-6282 — Linuxsecurity · 2026-05-20
For the oldstable distribution (bookworm), these problems have been fixed in version 3.2.7-1+deb12u5. For the stable distribution (trixie), these problems have been fixed in version 3.4.1+ds1-5+deb13u…
Timeline
- 2026-05-20 — Debian releases security advisory for rsync vulnerabilities: Debian published advisories DLA-4591 for bullseye and DSA-6282 for bookworm and trixie, detailing vulnerabilities and fixes.
- 2026-05-20 — Patched versions released for affected Debian distributions: Debian 11 fixed in version 3.2.3-4+deb11u4, Debian 12 in 3.2.7-1+deb12u5, and Debian 13 in 3.4.1+ds1-5+deb13u3.
Related entities
- Data Breach (Attack Type)
- DDoS (Attack Type)
- Privilege Escalation (Attack Type)
- CWE-269 - Improper Privilege Management (Cwe)
- T1068 - Exploitation for Privilege Escalation (Mitre Attack)
- Debian (Company)
- Linux (Platform)