CVE-2024-12087

Name
CVE-2024-12087
Description
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vdb-entry https://access.redhat.com/security/cve/CVE-2024-12087
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2330672
secalert@redhat.com https://kb.cert.org/vuls/id/952657
134c704f-9b21-4f2e-91b3-4a467353bcc0 https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj
vendor-advisory https://access.redhat.com/errata/RHSA-2025:2600
vendor-advisory https://access.redhat.com/errata/RHSA-2025:7050
vendor-advisory https://access.redhat.com/errata/RHSA-2025:8385
af854a3a-2127-422b-91ae-364da2661108 https://security.netapp.com/advisory/ntap-20250131-0002/
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html
af854a3a-2127-422b-91ae-364da2661108 https://www.kb.cert.org/vuls/id/952657

Match rules

CPE URI Source package Min version Max version
shopxo >= 0 <= 3.3.0
cpe:/o:redhat:enterprise_linux:8::baseos shopxo >= 0:3.1.3-21.el8_10 < *
cpe:/o:redhat:enterprise_linux:9::baseos shopxo >= 0:3.2.5-3.el9 < *
cpe:/a:redhat:discovery:1.14::el9 shopxo >= sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644 < *

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
rsync edge-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync 3.21-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync 3.20-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync 3.19-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync 3.18-main 3.4.0-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
rsync edge-main 3.3.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.21-main 3.3.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.21-main 3.3.0-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.20-main 3.3.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
rsync 3.19-main 3.2.7-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable