Race Condition in Rsync's Symbolic Link Handling Affects Red Hat Systems
CVE-2024-12747
Currently unrated
Summary
A race condition exists in rsync's handling of symbolic links. By default, rsync skips symbolic links; however, an attacker who replaces a regular file with a symbolic link during a critical operation can exploit the timing window and bypass that default behavior. Depending on the permissions of the rsync process, this may leak sensitive information or facilitate privilege escalation. This vulnerability necessitates immediate attention to mitigate unauthorized access risks.
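The check-then-use window described in the summary, shown beside a hardened open, as an added example (not rsync's code and not its patch). All function names, the window hook and the temporary files are constructed for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static char g_other[64];                 /* constructed file outside the tree */
/* Hypothetical hook: models a regular file being swapped for a symlink. */
static void swap_in_symlink(const char *p) { unlink(p); if (symlink(g_other, p)) perror("symlink"); }

/* Racy: the lstat() check and the open() resolve the name separately. */
int open_check_then_use(const char *path, void (*window)(const char *))
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;                       /* a symlink is skipped here */
    if (window) window(path);            /* swap lands between check and use */
    return open(path, O_RDONLY);         /* follows whatever is there now */
}

/* Hardened: refuse a symlink at open() time, then check the open descriptor. */
int open_regular_nofollow(const char *path, void (*window)(const char *))
{
    struct stat st;
    if (window) window(path);            /* same swap, before the single open() */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;               /* ELOOP: final component is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Returns 1 if the out-of-tree file was read, 0 if the open was refused. */
int demo(int hardened)
{
    char dir[] = "/tmp/symrace-XXXXXX", path[64], buf[16] = {0};
    FILE *f;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/data", dir);
    snprintf(g_other, sizeof g_other, "%s/other", dir);
    if ((f = fopen(path, "w"))) { fputs("public", f); fclose(f); }
    if ((f = fopen(g_other, "w"))) { fputs("private", f); fclose(f); }
    int fd = (hardened ? open_regular_nofollow : open_check_then_use)(path, swap_in_symlink);
    int leaked = fd >= 0 && read(fd, buf, sizeof buf - 1) > 0 && !strcmp(buf, "private");
    if (fd >= 0) close(fd);
    unlink(path); unlink(g_other); rmdir(dir);
    return leaked;
}
int main(void) { printf("check-then-use: %d, nofollow: %d\n", demo(0), demo(1)); return 0; }
```

O_NOFOLLOW guards only the final path component; on Linux, openat2() with RESOLVE_NO_SYMLINKS extends the refusal to every component of the path.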
Timeline
Vulnerability published