CVE-2014-9512
Published: 12 February 2015
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
Notes
Author | Note |
---|---|
mdeslaur | rsync 3.1.1 introduced invalid filename filtering to prevent malicious servers from sending files outside of the specified directory: https://git.samba.org/?p=rsync.git;a=commit;h=4cad402ea8a91031f86c53961d78bb7f4f174790 CVE-2014-9512 is about malicious servers being able to bypass that filtering by changing paths. This is a security hardening feature that was added in 3.1.1. Either the whole feature needs to be backported to versions earlier than 3.1.1, or this issue doesn't apply to them. a second commit was later added: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=e12a6c087ca1eecdb8eae5977be239c24f4dd3d9 packages in vivid+ claim that this CVE is fixed, but are missing the second commit |
Priority
Status
Package | Release | Status |
---|---|---|
rsync Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(3.0.9-1ubuntu1.1)
|
|
trusty |
Released
(3.1.0-2ubuntu0.2)
|
|
upstream |
Released
(3.1.2)
|
|
utopic |
Ignored
(end of life)
|
|
wily |
Released
(3.1.1-3ubuntu0.15.10.1)
|
|
vivid |
Released
(3.1.1-3ubuntu0.15.04.1)
|
|
Patches: upstream: https://git.samba.org/?p=rsync.git;a=commit;h=962f8b90045ab331fc04c9e65f80f1a53e68243b upstream: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=e12a6c087ca1eecdb8eae5977be239c24f4dd3d9 |