Rsync path spoofing attack vulnerability
Bug #1531061 reported by Taylor Raack
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
rsync (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
A security fix in rsync 3.1.2 was released, adding an extra check to the file list to prevent a malicious sender from using an unsafe destination path for a transferred file, such as a just-sent symlink.
Details on the bug from rsync's page (hosted at samba), replication information, and patch information can be found here: https:/
Upstream patch:
https:/
Seems like this should be backported to currently supported LTS and regular releases as a security update?
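
The following is an added illustration of the kind of receiver-side file-list check the description refers to; it is not part of the original report and is not rsync's code or its upstream patch. The entry format (`(path, type)` tuples), the type labels, the function name `unsafe_entries` and the sample list are all assumptions made for this example.

```python
import posixpath

# Constructed sample file list as a receiver might see it: (relative path, type).
# The tuple layout and type labels are hypothetical, not rsync's wire format.
SAMPLE_LIST = [
    ("docs", "dir"),
    ("docs/readme.txt", "file"),
    ("link", "symlink"),         # a symlink announced by the sender
    ("link/data.txt", "file"),   # a file whose path runs through that symlink
    ("../escape.txt", "file"),
    ("/etc/motd", "file"),
]

def unsafe_entries(entries):
    """Return [(path, reason)] for entries the receiver should refuse.

    Two passes, so the result does not depend on the order in which the
    sender lists a symlink and the paths that pass through it.
    """
    # Pass 1: remember every path the list declares as something other
    # than a directory (symlink, regular file, ...).
    non_dirs = {}
    for raw, kind in entries:
        if kind != "dir":
            non_dirs[posixpath.normpath(raw)] = kind

    # Pass 2: refuse paths that leave the destination tree or that use a
    # non-directory entry from the same list as a parent component.
    rejected = []
    for raw, _kind in entries:
        if raw.startswith("/"):
            rejected.append((raw, "absolute path"))
            continue
        if ".." in raw.split("/"):
            rejected.append((raw, "parent-directory component"))
            continue
        parts = posixpath.normpath(raw).split("/")
        for i in range(1, len(parts)):
            prefix = "/".join(parts[:i])
            if prefix in non_dirs:
                reason = f"passes through {non_dirs[prefix]} {prefix!r}"
                rejected.append((raw, reason))
                break
    return rejected

if __name__ == "__main__":
    for path, reason in unsafe_entries(SAMPLE_LIST):
        print(f"refuse {path}: {reason}")
```

A receiver applying a check like this refuses the whole transfer, or at least the flagged entries, before writing anything to disk.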
CVE References
Looks like this is http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9512.html