Vulnerability in Oracle Solaris

CVE-2014-9512

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

EPSS: 0.089 (92.7th percentile) — read the EPSS interpretation.

Affected products

Oracle Solaris — versions 10.0, 11.3
Samba Rsync — versions 3.1.1
Opensuse — versions 13.1, 13.2
N/a — versions n/a

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

1034786 (vdb-entry, x_refsource_SECTRACK)
76093 (vdb-entry, x_refsource_BID)
GLSA-201605-04 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
openSUSE-SU-2016:1695 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
openSUSE-SU-2016:1671 (vendor-advisory, x_refsource_SUSE)
cve@mitre.org (x_refsource_CONFIRM, Exploit, Issue Tracking)
cve@mitre.org (Exploit, x_refsource_MISC)
USN-2879-1 (x_refsource_UBUNTU, vendor-advisory)
openSUSE-SU-2015:0249 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)