rsync-3.1.2-12.0.4.el7.AXS7
エラータID: AXSA:2025-9719:05
リリース日:
2025/03/04 Tuesday - 15:44
題名:
rsync-3.1.2-12.0.4.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- rsync には、レースコンディションに起因してシンボリック
リンクのトラバースを許容してしまう問題があるため、
ローカルの攻撃者により、特権の昇格、および情報の漏洩を
可能とする脆弱性が存在します。(CVE-2024-12747)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-12747
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.
追加情報:
N/A
ダウンロード:
Asianux Server 7 for x86_64
- rsync-3.1.2-12.0.4.el7.AXS7.x86_64.rpm
MD5: 73aee2f46c1589a26bf58cfccd619e62
SHA-256: 639596824b8425d39b88323b9714e6339126fba5a4ef1d2b1a4a791f613b7cb1
Size: 408.33 kB
English