[arin-tech-discuss] RSYNC vulnerabilities and RPKI
Mark Kosters
markk at arin.net
Thu Jan 16 17:16:50 EST 2025
As you may have heard, six vulnerabilities have been identified in RSYNC: https://www.kb.cert.org/vuls/id/952657.
ARIN was aware of the six RSYNC CVEs and completed patching of our RPKI RSYNC systems on Jan 15, 2025. Prior to the installation of the patch, our systems were not vulnerable to CVE-2024-12084. Additionally, we saw no abnormal activity reported by our monitoring tools before the patch was installed.
Our RRDP and RSYNC repositories run independently, so the RRDP repository was not impacted.
Regards,
Mark Kosters
ARIN CTO
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-tech-discuss/attachments/20250116/853a1f2f/attachment.htm>
More information about the arin-tech-discuss
mailing list