Description
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
Report
This vulnerability is rated as having Important impact as it helps bypass Address Space Layout Randomization (ASLR). ASLR is a memory protection system which makes the exploitation of memory corruption vulnerabilities more difficult.
Mitigation
Seeing as this vulnerability relies on information leakage coming from the presence of data in the uninitialized memory of the sum2 buffer, a potential mitigation involves compiling rsync with the -ftrivial-auto-var-init=zero option set. This mitigates the issue because it initializes the sum2 variable's memory with zeroes to prevent uninitialized memory disclosure.
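The following added example is a simplified model of the defensive pattern and is not rsync's code or the vendor's patch: it zero-fills the local digest buffer and rejects a peer-supplied comparison length that exceeds what the digest actually wrote. The names SUM_BUF_LEN, toy_digest and checked_sum_match, and the choice to reject a zero length, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SUM_BUF_LEN 16 /* assumed capacity of the local digest buffer */

/* Hypothetical stand-in digest: writes exactly digest_len bytes to out. */
static void toy_digest(const unsigned char *data, size_t n,
                       unsigned char *out, size_t digest_len)
{
    memset(out, 0x5a, digest_len);
    for (size_t i = 0; i < n; i++) {
        size_t j = i % digest_len;
        out[j] = (unsigned char)(out[j] * 31u + data[i]);
    }
}

/* Returns 1 on match, 0 on mismatch, -1 if a length is rejected.
 * s2length is the comparison length supplied by the remote peer. */
int checked_sum_match(const unsigned char *block, size_t block_len,
                      const unsigned char *peer_sum, size_t s2length,
                      size_t digest_len)
{
    /* Explicit zero-fill: the effect -ftrivial-auto-var-init=zero
     * has on this variable, without relying on build flags. */
    unsigned char sum2[SUM_BUF_LEN] = {0};

    if (digest_len == 0 || digest_len > sizeof sum2)
        return -1;
    /* Never compare more bytes than the digest wrote into sum2. */
    if (s2length == 0 || s2length > digest_len)
        return -1;

    toy_digest(block, block_len, sum2, digest_len);
    return memcmp(sum2, peer_sum, s2length) == 0;
}

int main(void)
{
    const unsigned char blk[] = "constructed sample block";
    unsigned char peer[SUM_BUF_LEN] = {0};

    toy_digest(blk, sizeof blk - 1, peer, 8); /* 8-byte digest */
    printf("len 8:  %d\n", checked_sum_match(blk, sizeof blk - 1, peer, 8, 8));
    printf("len 16: %d\n", checked_sum_match(blk, sizeof blk - 1, peer, 16, 8));
    return 0;
}
```

The length check addresses the oversized comparison itself, while the zero-fill only ensures that any bytes beyond the digest hold no stale stack data.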
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | rsync | Affected | | |
Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | rsync | Fixed | RHSA-2025:0849 | 30.01.2025 |
Red Hat Enterprise Linux 7 Extended Lifecycle Support | rsync | Fixed | RHSA-2025:0714 | 27.01.2025 |
Red Hat Enterprise Linux 8 | rsync | Fixed | RHSA-2025:0325 | 15.01.2025 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | rsync | Fixed | RHSA-2025:0884 | 03.02.2025 |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | rsync | Fixed | RHSA-2025:0885 | 03.02.2025 |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | rsync | Fixed | RHSA-2025:0885 | 03.02.2025 |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | rsync | Fixed | RHSA-2025:0885 | 03.02.2025 |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | rsync | Fixed | RHSA-2025:0790 | 29.01.2025 |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | rsync | Fixed | RHSA-2025:0790 | 29.01.2025 |
Additional information
Status:
EPSS
CVSS3: 7.5 High