CVE-2014-9512

Published: 12 February 2015

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

Priority

Medium

Status

Package: rsync (Launchpad, Ubuntu, Debian)
Release / Status:
Upstream: Released (3.1.2)
Ubuntu 14.04 ESM (Trusty Tahr): Released (3.1.0-2ubuntu0.2)
Patches:
Upstream: https://git.samba.org/?p=rsync.git;a=commit;h=962f8b90045ab331fc04c9e65f80f1a53e68243b
Upstream: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=e12a6c087ca1eecdb8eae5977be239c24f4dd3d9

Notes

Author: mdeslaur
Note:
rsync 3.1.1 introduced invalid filename filtering to prevent
malicious servers from sending files outside of the specified
directory:
https://git.samba.org/?p=rsync.git;a=commit;h=4cad402ea8a91031f86c53961d78bb7f4f174790

CVE-2014-9512 is about malicious servers being able to bypass
that filtering by changing paths.

This is a security hardening feature that was added in 3.1.1.
Either the whole feature needs to be backported to versions
earlier than 3.1.1, or this issue doesn't apply to them.

A second commit was later added:
https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=e12a6c087ca1eecdb8eae5977be239c24f4dd3d9
Packages in vivid+ claim that this CVE is fixed, but are missing
the second commit.
