Skip to main content

Rsync CVE-2022-29154

HIGH
Improper Input Validation (CWE-20)
2022-08-02 cve@mitre.org
7.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 02, 2022 - 15:15 nvd
HIGH 7.4

DescriptionNVD

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).

AnalysisAI

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). Affected products include: Samba Rsync, Fedoraproject Fedora. Version information: before 3.2.5.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Rsync

View all
CVE-2024-12085 HIGH POC
7.5 Jan 14

A flaw was found in rsync which could be triggered when rsync compares file checksums. Rated high severity (CVSS 7.5), t

CVE-2024-12084 CRITICAL POC
9.8 Jan 15

A heap-based buffer overflow flaw was found in the rsync daemon. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2014-9512 MEDIUM POC
6.4 Feb 12

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization pa

CVE-2024-12087 HIGH POC
7.5 Jan 14

Server-to-client path traversal in rsync lets a malicious or compromised rsync server write files outside the client's i

CVE-2014-2855 HIGH
7.8 Apr 23

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of serv

CVE-2024-12086 MEDIUM POC
6.8 Jan 14

A flaw was found in rsync. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authenticati

CVE-2017-16548 CRITICAL
9.8 Nov 06

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character

CVE-2017-17434 CRITICAL
9.8 Dec 06

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_

CVE-2017-15994 CRITICAL
9.8 Oct 29

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to by

CVE-2024-12088 HIGH
7.5 Jan 14

Arbitrary file write outside the intended destination in rsync's client-side `--safe-links` handling allows a malicious

CVE-2026-41035 HIGH
7.8 Apr 16

Receiver-side use-after-free in rsync 3.0.1 through 3.4.1 lets a malicious peer corrupt memory on a host running rsync w

CVE-2018-5764 HIGH
7.5 Jan 17

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses,

Share

CVE-2022-29154 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy