Race Condition in Rsync's Symbolic Link Handling Affects Red Hat Systems
CVE-2024-12747
5.6 MEDIUM
Key Information:
- Vendor
- CVE Published: 14 January 2025
What is CVE-2024-12747?
rsync contains a race condition in its handling of symbolic links. By default, rsync skips symbolic links; however, if an attacker replaces a regular file with a symbolic link during a critical operation, they can exploit the timing window between the check and the use of the file. Doing so may let the attacker bypass rsync's default behavior, potentially leaking sensitive information or facilitating privilege escalation, depending on the permissions of the rsync process. This vulnerability necessitates immediate attention to mitigate unauthorized access risks.
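The defensive pattern for this class of bug, as an added example (not rsync's code and not its actual fix): resolve the path once with `O_NOFOLLOW` and check the opened descriptor, instead of checking the name and opening it afterwards. The names `open_regular_nofollow` and `demo` are hypothetical, the fixture is constructed, and Linux/glibc behaviour is assumed.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* O_NOFOLLOW, O_CLOEXEC, mkdtemp on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper. The racy pattern is lstat(path) then open(path):
 * the name is resolved twice and can be swapped in between. Here it is
 * resolved once: O_NOFOLLOW makes open() refuse a symlink in the final
 * component, and fstat() inspects the object that was actually opened. */
int open_regular_nofollow(const char *path)
{
    struct stat st;
    /* O_NONBLOCK: do not hang if the name turns out to be a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;             /* errno is ELOOP for a symlink on Linux */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;        /* opened something that is not a regular file */
        return -1;
    }
    return fd;
}

/* Constructed fixture: one regular file and one symlink pointing at it.
 * Returns a bitmask: 1 = regular file opened, 2 = symlink refused (ELOOP). */
int demo(void)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX", file[64], lnk[64];
    int result = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || symlink(file, lnk) != 0) return -1;
    close(fd);
    if ((fd = open_regular_nofollow(file)) >= 0) { result |= 1; close(fd); }
    if (open_regular_nofollow(lnk) < 0 && errno == ELOOP) result |= 2;
    unlink(lnk); unlink(file); rmdir(dir);
    return result;
}
int main(void) { printf("demo() = %d\n", demo()); return 0; }
```

`O_NOFOLLOW` only covers the final path component; symlinks in intermediate directories need `openat()`-based traversal from a trusted directory descriptor, or `openat2()` with `RESOLVE_NO_SYMLINKS` on Linux.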