#VU66189 Path traversal in Rsync


Published: 2022-08-08

Vulnerability identifier: #VU66189

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-29154

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Rsync
Server applications / Other server solutions

Vendor: Samba

Description

The vulnerability allows a remote server to perform directory traversal attacks.

The vulnerability exists due to input validation error within the rsync client  when processing file names. A remote malicious server overwrite arbitrary files in the rsync client target directory and subdirectories on the connected peer.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Rsync: 3.2.0 - 3.2.4pre4

CPE

External links
http://www.openwall.com/lists/oss-security/2022/08/02/1

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in Cloud Foundry Foundation cflinuxfs3
Ubuntu update for rsync
Multiple vulnerabilities in IBM QRadar SIEM
Multiple vulnerabilities in Dell VxRail Appliance components
Multiple vulnerabilities in Dell NetWorker vProxy
Multiple vulnerabilities in OpenShift Virtualization 4.11
Multiple vulnerabilities in Dell EMC Data Protection Central
Multiple vulnerabilities in Dell Secure Connect Gateway
Multiple vulnerabilities in IBM QRadar Network Packet Capture
Multiple vulnerabilities in Dell VxRail