CVE-2014-9512 — Link Following in Samba Rsync

CWE-59 — Link Following CWE-22 — Path Traversal10 documents9 sources

Severity

6.4MEDIUMNVD

EPSS

8.9%

top 7.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Rsync Opensuse Oracle Solaris

Timeline

PublishedFeb 12

Latest updateMay 13

Description

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages4 packages

▶Debiansamba/rsync< 3.1.1-3+3

▶NVDsamba/rsync3.1.1

▶NVDoracle/solaris10.0, 11.3+1

▶NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

GHSA

GHSA-gc42-wr8h-vr6f: rsync 3↗2022-05-13

▶

OSV

CVE-2014-9512: rsync 3↗2015-02-12

▶

CVEList

CVE-2014-9512: rsync 3↗2015-02-12

▶

📋Vendor Advisories

Apple

CVE-2014-9512: macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra↗2020-07-15

▶

Ubuntu

rsync vulnerability↗2016-01-21

▶

Red Hat

rsync: Transferring file outside destination path via just-sent symlink↗2015-12-21

▶

Debian

CVE-2014-9512: rsync - rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink at...↗2014

▶

💬Community

Bugzilla

CVE-2014-9512 rsync: Transferring file outside destination path via just-sent symlink↗2015-12-23

▶

Bugzilla

CVE-2014-9512 rsync: Transferring file outside destination path via just-sent symlink [fedora-all]↗2015-12-23

▶