PT-2024-10122 · Rsync+10 · Rsync+10

Aleksei Gorban

·

Published

2024-12-18

·

Updated

2025-05-14

·

CVE-2024-12747

CVSS v3.1

5.6

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions rsync (affected versions not specified)
Description The issue arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALSA-2025:2600
ALSA-2025:7050
ALT-PU-2025-1240
ALT-PU-2025-1316
ALT-PU-2025-1318
ALT-PU-2025-1320
ALT-PU-2025-1322
AZL-55673
AZL-55679
BDU:2025-00372
CESA-2025_2600
CVE-2024-12747
DLA-4015-1
DLA-4015-2
DSA-5843-1
DSA-5843-2
INFSA-2025_2600
INFSA-2025_7050
MGASA-2025-0019
OESA-2025-1060
OESA-2025-1061
OESA-2025-1062
OESA-2025-1063
OESA-2025-1064
OPENSUSE-SU-2025:14665-1
OPENSUSE-SU-2025_0156-1
OPENSUSE-SU-2025_0165-1
RHSA-2025:2600
RHSA-2025:7050
RHSA-2025_2600
RHSA-2025_7050
SUSE-SU-2025:0156-1
SUSE-SU-2025:0157-1
SUSE-SU-2025:0165-1
SUSE-SU-2025:0166-1
SUSE-SU-2025:0991-1
SUSE-SU-2025:20122-1
SUSE-SU-2025:20223-1
SUSE-SU-2025_0991-1
USN-7206-1
USN-7206-2
USN-7206-3
USN-7206-4

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Rsync