
exploitDog


CVE-2014-9512

Published: 21 Dec 2015
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

It was discovered that rsync did not properly perform sanity checks on certain meta-information. By sending specially crafted meta-information, a remote attacker could possibly exploit this flaw to cause an rsync endpoint to write data to files outside of the expected destination path.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | rsync | Will not fix | | |
| Red Hat Enterprise Linux 6 | rsync | Will not fix | | |
| Red Hat Enterprise Linux 7 | rsync | Will not fix | | |


Additional information

Status: Moderate
Defect: CWE-22
https://bugzilla.redhat.com/show_bug.cgi?id=1293854 rsync: Transferring file outside destination path via just-sent symlink

EPSS

Percentile: 92%
0.08882
Low

4.3 Medium

CVSS2

Related vulnerabilities

ubuntu
almost 11 years ago

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

nvd
almost 11 years ago

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

debian
almost 11 years ago

rsync 3.1.1 allows remote attackers to write to arbitrary files via a ...

suse-cvrf
more than 9 years ago

Security update for rsync

suse-cvrf
more than 9 years ago

Security update for rsync
