Heap-based Buffer Overflow Vulnerability in Rsync Daemon by Red Hat
CVE-2024-12084

9.8 CRITICAL

Badges

🔥 Trending now | 📈 Trended | 📈 Score: 5,930 | 👾 Exploit Exists | 📰 News Worthy

What is CVE-2024-12084?

CVE-2024-12084 refers to a heap-based buffer overflow vulnerability identified in the rsync daemon developed by Red Hat. Rsync is a widely used utility in UNIX-like systems for efficiently transferring and synchronizing files between a computer and a storage device. This vulnerability arises from improper handling of attacker-controlled checksum lengths, which can enable malicious actors to write beyond the designated buffer limits. The exploitation of this flaw can lead to serious security breaches, impacting the integrity and availability of organizational systems that rely on rsync for file synchronization and backup purposes.

Technical Details

The vulnerability is rooted in the handling of attacker-controlled checksum lengths (specifically, s2length) within the rsync daemon's code. When MAX_DIGEST_LEN exceeds SUM_LENGTH, which is fixed at 16 bytes, an attacker can write out of bounds in the sum2 buffer. This out-of-bounds write on the heap could enable an attacker to alter the program's control flow, leading to unauthorized access or arbitrary code execution under certain conditions.
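
A simplified model of the bounds error described above, added here as an illustration; it is not rsync's source code. The struct layout, the function names and the MAX_DIGEST_LEN value of 64 are assumptions; only s2length, sum2, MAX_DIGEST_LEN and SUM_LENGTH (16 bytes) come from the text.

```c
#include <string.h>

#define SUM_LENGTH     16  /* fixed sum2 size, as stated in the text */
#define MAX_DIGEST_LEN 64  /* assumed value: largest digest length the build supports */

/* Simplified model of a per-block checksum record (not rsync's struct). */
struct block_sum {
    char sum2[SUM_LENGTH];
    unsigned int neighbour;  /* hypothetical adjacent heap data */
};

/* Flawed bound: compares the peer-supplied length to the protocol maximum. */
int s2length_ok_flawed(int s2length) {
    return s2length >= 0 && s2length <= MAX_DIGEST_LEN;
}

/* Hardened bound: compares it to the destination buffer actually written. */
int s2length_ok_hardened(int s2length) {
    return s2length >= 0 && (size_t)s2length <= sizeof(((struct block_sum *)0)->sum2);
}

/* Bytes that would land past sum2 for a length the flawed bound accepts. */
size_t bytes_past_sum2(int s2length) {
    if (!s2length_ok_flawed(s2length) || s2length <= SUM_LENGTH)
        return 0;
    return (size_t)s2length - SUM_LENGTH;
}

/* Store a received checksum; returns 0 on success, -1 if the length is rejected. */
int store_sum2(struct block_sum *bs, const char *wire, size_t wire_len, int s2length) {
    if (!s2length_ok_hardened(s2length) || (size_t)s2length > wire_len)
        return -1;
    memcpy(bs->sum2, wire, (size_t)s2length);
    return 0;
}

/* Constructed input: 64 bytes of 'A', offered with s2length = 64 and then 16.
   Returns 1 when the oversize length is rejected and the neighbour is intact. */
int neighbour_after_oversize(void) {
    struct block_sum bs = { {0}, 0xC0FFEEu };
    char wire[MAX_DIGEST_LEN];
    memset(wire, 'A', sizeof wire);
    if (store_sum2(&bs, wire, sizeof wire, MAX_DIGEST_LEN) != -1) return -1;
    if (store_sum2(&bs, wire, sizeof wire, SUM_LENGTH) != 0) return -1;
    return bs.neighbour == 0xC0FFEEu;
}

int main(void) { return neighbour_after_oversize() == 1 ? 0 : 1; }
```

The general point for code review is that a length read from the peer must be checked against the size of the buffer it is copied into, not against a separate protocol-level maximum that can grow independently.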

Potential Impact of CVE-2024-12084

  1. Unauthorized Access: Exploiting this vulnerability could permit attackers to gain unauthorized access to systems running the rsync daemon, compromising sensitive data and resources.

  2. Remote Code Execution: The buffer overflow may enable attackers to execute arbitrary code on the affected systems, potentially allowing them to take complete control over the server environment.

  3. Disruption of Services: This vulnerability can lead to instability in the rsync service, causing outages or degraded performance. Organizations relying on rsync for critical file transfers and backups may face operational risks as a result.

News Articles

File sync tool rsync is vulnerable, 660,000 servers exposed

rsync is safe if provided with the latest patch. In fact, the old tool contains six vulnerabilities in an earlier version.

4 days ago

Severe Rsync vulnerabilities — CVSS 9.8 — risk RCE, data leaks

The critical and high severity flaws were discovered by Google Cloud researchers.

5 days ago

Over 660,000 Rsync servers exposed to code execution attacks

Over 660,000 exposed Rsync servers are potentially vulnerable to six new vulnerabilities, including a critical-severity heap-buffer overflow flaw that allows remote code execution on servers.

5 days ago

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📈 Vulnerability started trending

  • 👾 Exploit known to exist

  • 📰 First article discovered by Habr

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.