Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive`
option, which is enabled by default for many client options and can be enabled by the server even if not
explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink
verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to
write files outside of the client's intended destination directory. A malicious server could write
malicious files to arbitrary locations named after valid directories/paths on the client. (CVE-2024-12087)
- A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of
attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed
SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. (CVE-2024-12084)
- A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an
attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and
uninitialized memory and leak one byte of uninitialized stack data at a time. (CVE-2024-12085)
- A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the
client's machine. This issue occurs when files are being copied from a client to a server. During this
process, the rsync server will send checksums of local data to the client to compare with in order to
determine what data needs to be sent to the server. By sending specially constructed checksum values for
arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the
responses from the client. (CVE-2024-12086)
Plugin Details
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
Exploit Ease: Exploits are available
Vulnerability Publication Date: 1/14/2025