CVE-2014-9512

Publication date 12 February 2015

Last updated 24 July 2024

Ubuntu priority

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
rsync	15.10 wily	Fixed 3.1.1-3ubuntu0.15.10.1
	15.04 vivid	Fixed 3.1.1-3ubuntu0.15.04.1
	14.10 utopic	Ignored end of life
	14.04 LTS trusty	Fixed 3.1.0-2ubuntu0.2
	12.04 LTS precise	Fixed 3.0.9-1ubuntu1.1
	10.04 LTS lucid	Ignored end of life

Notes

mdeslaur

rsync 3.1.1 introduced invalid filename filtering to prevent malicious servers from sending files outside of the specified directory: https://git.samba.org/?p=rsync.git;a=commit;h=4cad402ea8a91031f86c53961d78bb7f4f174790 CVE-2014-9512 is about malicious servers being able to bypass that filtering by changing paths. This is a security hardening feature that was added in 3.1.1. Either the whole feature needs to be backported to versions earlier than 3.1.1, or this issue doesn't apply to them. a second commit was later added: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=e12a6c087ca1eecdb8eae5977be239c24f4dd3d9 packages in vivid+ claim that this CVE is fixed, but are missing the second commit

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
rsync	Upstream: https://git.samba.org/?p=rsync.git;a=commit;h=962f8b90045ab331fc04c9e65f80f1a53e68243b Upstream: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=e12a6c087ca1eecdb8eae5977be239c24f4dd3d9

References

Related Ubuntu Security Notices (USN)