CVE-2025-67901
📋 TL;DR
This vulnerability in openrsync allows a client to crash the rsync server by sending specially crafted data with a zero-length block. The server fails to validate the relationship between two internal variables (p->rem and p->len), leading to a segmentation fault (SIGSEGV). This affects OpenBSD systems up to version 7.8 and any other platforms using openrsync through version 0.5.0.
💻 Affected Systems
- openrsync
- OpenBSD
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Denial of service causing rsync service disruption, potentially affecting data synchronization and backup operations.
Likely Case
Service interruption requiring manual restart of rsync daemon, disrupting file transfers.
If Mitigated
Minimal impact if rsync is monitored with automatic restart capabilities.
🎯 Exploit Status
Proof of concept available in GitHub issue. Exploitation requires network access to rsync server port (default 873).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: OpenBSD 7.9 and later, openrsync 0.5.1 and later
Vendor Advisory: https://github.com/kristapsdz/openrsync/issues/34
Restart Required: Yes
Instructions:
1. Update OpenBSD to version 7.9 or later.
2. For other systems, update openrsync to version 0.5.1 or later.
3. Restart the rsync service after patching.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to the rsync server to trusted IP addresses only.
Use firewall rules to limit access to the rsync port (default 873).
Use Alternative rsync Implementation
Replace openrsync with the standard rsync implementation if possible.
Install the rsync package from your distribution's repository.
🧯 If You Can't Patch
- Implement strict network segmentation to limit rsync server exposure
- Monitor rsync service for crashes and implement automatic restart
🔍 How to Verify
Check if Vulnerable:
Check openrsync version with 'openrsync --version' or check OpenBSD version with 'uname -a'
Check Version:
openrsync --version 2>/dev/null || echo 'openrsync not installed'
Verify Fix Applied:
Verify that the installed version is OpenBSD 7.9 or later, or openrsync 0.5.1 or later.
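The version check above can be scripted so that a banner such as the output of 'openrsync --version' is compared numerically against the fixed releases rather than by eye. The script below is an added example, not part of this advisory or of the openrsync project; the only values it takes from the advisory are the fixed releases (openrsync 0.5.1, OpenBSD 7.9), the sample banners are constructed, and the suggestion to use 'uname -r' (which on OpenBSD prints just the release) is the author's assumption about how to obtain the OS version.

```shell
#!/bin/sh
# Added example (not part of the advisory or the openrsync project):
# compare a reported version against the fixed releases named above.
# Fixed releases are taken from the advisory: openrsync 0.5.1, OpenBSD 7.9.

OPENRSYNC_FIXED="0.5.1"
OPENBSD_FIXED="7.9"

# extract_version: pull the first dotted numeric token out of a banner such as
# "openrsync 0.5.0" or a bare "7.8"; prints nothing when no digits are present.
extract_version() {
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p' | sed 's/\.*$//'
}

# version_ge A B: succeed when dotted version A is >= B, comparing component by
# component as integers (so 0.10 counts as newer than 0.9, unlike a string sort).
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        if [ "${ai:-0}" -gt "${bi:-0}" ]; then return 0; fi
        if [ "${ai:-0}" -lt "${bi:-0}" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# is_fixed KIND BANNER: KIND is "openrsync" or "openbsd"; succeeds only when the
# version found in BANNER is at or past the fixed release. An unparsable banner
# is treated as NOT fixed, so a missing or odd version string never passes.
is_fixed() {
    case "$1" in
        openrsync) fixed="$OPENRSYNC_FIXED" ;;
        openbsd)   fixed="$OPENBSD_FIXED" ;;
        *) return 2 ;;
    esac
    v=$(extract_version "$2")
    [ -n "$v" ] || return 1
    version_ge "$v" "$fixed"
}

# Constructed sample banners (not from a real host). On a live system you would
# feed in the output of `openrsync --version` and `uname -r` instead (assumption:
# uname -r prints only the OpenBSD release, e.g. "7.8").
for sample in "openrsync 0.5.0" "openrsync 0.5.1" "openrsync 0.6.0" "not installed"; do
    if is_fixed openrsync "$sample"; then echo "$sample: fixed"; else echo "$sample: vulnerable or unknown, update"; fi
done
for rel in "7.8" "7.9"; do
    if is_fixed openbsd "$rel"; then echo "OpenBSD $rel: fixed"; else echo "OpenBSD $rel: vulnerable, update"; fi
done
```

Treating an unparsable banner as not fixed is deliberate: a check that cannot read the version should fail closed and prompt a manual look rather than silently report the host as patched.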
📡 Detection & Monitoring
Log Indicators:
- rsync daemon crash logs
- segmentation fault (SIGSEGV) messages in system logs
Network Indicators:
- Unexpected connections to rsync port followed by service interruption
SIEM Query:
source="system_logs" AND ("rsync" AND ("segmentation fault" OR "SIGSEGV" OR "crash"))
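For hosts that do not ship logs to a SIEM, the same rule can be applied locally. The filter below is an added example, not part of this advisory; it implements the query above (rsync AND a crash keyword) as a shell pipeline over syslog-style lines, and goes one step further than the query by also matching "signal 11", the number under which the kernel reports a process killed by SIGSEGV, which the keyword-only query would miss. The sample log lines are constructed for the demonstration, and the /var/log/messages path in the comment is an assumption about where the host keeps its system log.

```shell
#!/bin/sh
# Added example (not part of the advisory): the SIEM query above as a portable
# shell filter. Keeps lines that mention rsync AND a crash indicator, and also
# treats "exited on signal 11" as a crash indicator (11 is SIGSEGV).

# rsync_crash_lines: read log lines on stdin, print those matching the rule.
rsync_crash_lines() {
    grep -i 'rsync' | grep -iE 'segmentation fault|SIGSEGV|crash|signal 11([^0-9]|$)'
}

# rsync_crash_count: same rule, but print the number of matching lines. awk's
# END block always runs, so this prints 0 and exits 0 when nothing matches,
# which keeps it safe to use under set -e.
rsync_crash_count() {
    rsync_crash_lines | awk 'END { print NR }'
}

# Constructed sample log lines (not real logs): two rsync crash events, one
# unrelated crash of another program, and ordinary activity that must not alert.
SAMPLE_LOGS='Dec  1 10:02:11 bsdhost openrsync[4123]: connect from 192.0.2.10
Dec  1 10:02:12 bsdhost /bsd: pid 4123 (openrsync), uid 0: exited on signal 11
Dec  1 10:02:12 bsdhost openrsync[4123]: rsync: segmentation fault (SIGSEGV)
Dec  1 10:03:01 bsdhost /bsd: pid 5555 (firefox), uid 1000: exited on signal 11
Dec  1 10:05:30 bsdhost sshd[2201]: Accepted publickey for ops from 192.0.2.20
Dec  1 10:07:44 bsdhost cron[1900]: (root) CMD (rsync -a /srv/data backup:/srv/data)'

# demo_count: run the rule over the constructed sample; the expected result is 2
# (the kernel "signal 11" line for openrsync and the explicit SIGSEGV line).
demo_count() {
    printf '%s\n' "$SAMPLE_LOGS" | rsync_crash_count
}

# Live use (path is an assumption): tail -F /var/log/messages | rsync_crash_lines
printf '%s\n' "$SAMPLE_LOGS" | rsync_crash_lines || true
echo "rsync crash indicators in sample: $(demo_count)"
```

Pairing a crash line with a preceding connect line from the same process id, as in the sample, is what turns a single SIGSEGV message into the "unexpected connection followed by service interruption" pattern listed under network indicators.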