SB20250117171 - SUSE update for rsync 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20250117171

SB20250117171 - SUSE update for rsync

Published: January 17, 2025

Security Bulletin ID SB20250117171
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 80% Low 20%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Use of Uninitialized Variable (CVE-ID: CVE-2024-12085)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to information leak when comparing file checksums. A remote attacker can pass specially crafted data to the daemon and read 1 byte of uninitialized memory from stack.


2) Information disclosure (CVE-ID: CVE-2024-12086)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application when handling checksums. A remote attacker can trick the victim into connecting to an attacker-controlled server and enumerate contents of arbitrary files on the client's machine, basically allowing a rouge server to read contents byte-by-byte of any file on the client's system.

This issue occurs when files are being copied from a client to a server.


3) Path traversal (CVE-ID: CVE-2024-12087)

The vulnerability allows a remote server to write files to arbitrary locations on the system.

The vulnerability exists due to input validation error when using "--inc-recursive" option. A remote attacker can can trick the victim into connecting to a rouge rsync server and write arbitrary files to arbitrary locations on the client system.


4) Path traversal (CVE-ID: CVE-2024-12088)

The vulnerability allows a remote server to write files to arbitrary locations on the system.

The vulnerability exists due to input validation error when using "--safe-links" option. A remote attacker can can trick the victim into connecting to a rouge rsync server and write arbitrary files to arbitrary locations on the client system.

5) Race condition (CVE-ID: CVE-2024-12747)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition when handling symbolic links. A local user can replace a file with a symbolic link, bypass implemented protection in rsync that prevents software from following symbolic links and read contents of arbitrary files on the system with elevated privileges.


Remediation

Install update from vendor's website.

References