6.4

CVE-2014-9512

Exploit
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaRsync Version3.1.1
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
OracleSolaris Version10.0
OracleSolaris Version11.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.5% 0.929
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-02/msg00041.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-06/msg00095.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00112.html
Third Party Advisory
http://www.securityfocus.com/bid/76093
http://www.securitytracker.com/id/1034786
http://www.ubuntu.com/usn/USN-2879-1
http://xteam.baidu.com/?p=169
Exploit
https://bugzilla.samba.org/show_bug.cgi?id=10977
Exploit
Issue Tracking
https://security.gentoo.org/glsa/201605-04
Third Party Advisory
https://support.apple.com/kb/HT211168
https://support.apple.com/kb/HT211170
https://support.apple.com/kb/HT211171
https://support.apple.com/kb/HT211175
https://support.apple.com/kb/HT211289