#VU102739 Race condition in Rsync - CVE-2024-12747

 


Published: January 14, 2025


Vulnerability identifier: #VU102739
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-12747
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Rsync
Software vendor: Samba

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition when handling symbolic links. A local user can replace a file with a symbolic link, bypass the protection in rsync that prevents it from following symbolic links, and read the contents of arbitrary files on the system with elevated privileges.
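
The check-then-use pattern behind this class of symlink race (CWE-362), shown beside a hardened form, as an added example: this is a generic C sketch, not rsync's code or the vendor's patch, and the function names `open_checked_racy` and `open_regular_nofollow` are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, mkdtemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: the path is resolved twice. Between lstat() and open()
 * another local user can swap the file for a symlink, and open() follows it. */
int open_checked_racy(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    return open(path, O_RDONLY);          /* window between check and use */
}

/* Hardened pattern: resolve the path once, refuse a symlink in the final
 * component, then validate the object that was actually opened.
 * O_NONBLOCK keeps open() from blocking if the path is a FIFO. */
int open_regular_nofollow(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;                        /* errno is ELOOP on Linux for a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) return 2;
    int fd = open_regular_nofollow(argv[1]);
    if (fd < 0) {
        perror(argv[1]);
        return 1;
    }
    printf("%s: opened as a regular file\n", argv[1]);
    close(fd);
    return 0;
}
```

`O_NOFOLLOW` only covers the final path component; symlinks in parent directories need a descriptor-relative walk with `openat()`.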


Remediation

Install updates from the vendor's website.

External links