Vulnerability Details CVE-2014-9512
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.089
EPSS Ranking 92.1%
CVSS Severity
CVSS v2 Score 6.4
References
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00041.html
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00095.html
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00112.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.securityfocus.com/bid/76093
- http://www.securitytracker.com/id/1034786
- http://www.ubuntu.com/usn/USN-2879-1
- http://xteam.baidu.com/?p=169
- https://bugzilla.samba.org/show_bug.cgi?id=10977
- https://security.gentoo.org/glsa/201605-04
- https://support.apple.com/kb/HT211168
- https://support.apple.com/kb/HT211170
- https://support.apple.com/kb/HT211171
- https://support.apple.com/kb/HT211175
- https://support.apple.com/kb/HT211289
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00041.html
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00095.html
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00112.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.securityfocus.com/bid/76093
- http://www.securitytracker.com/id/1034786
- http://www.ubuntu.com/usn/USN-2879-1
- http://xteam.baidu.com/?p=169
- https://bugzilla.samba.org/show_bug.cgi?id=10977
- https://security.gentoo.org/glsa/201605-04
- https://support.apple.com/kb/HT211168
- https://support.apple.com/kb/HT211170
- https://support.apple.com/kb/HT211171
- https://support.apple.com/kb/HT211175
- https://support.apple.com/kb/HT211289
Products affected by CVE-2014-9512
-
cpe:2.3:a:samba:rsync:3.1.1
-
cpe:2.3:o:opensuse:opensuse:13.1
-
cpe:2.3:o:opensuse:opensuse:13.2
-
cpe:2.3:o:oracle:solaris:10.0
-
cpe:2.3:o:oracle:solaris:11.3