CVE-2014-9512 - Improper Link Resolution Before File Access ('Link Following')

Severity

64%

Complexity

99%

Confidentiality

81%

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

CVSS 2.0 Base Score 6.4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P).

Overview

First reported 10 years ago

2015-02-12 16:59:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

Samba Rsync 3.1.1

3.1.1

OpenSUSE 13.1

13.1

OpenSUSE 13.2

13.2

Oracle Solaris 11.3

11.3

References

openSUSE-SU-2015:0249

Third Party Advisory

openSUSE-SU-2016:1671

openSUSE-SU-2016:1695

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Third Party Advisory

76093

1034786

USN-2879-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2014-9512 - Improper Link Resolution Before File Access ('Link Following')

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

First reported 10 years ago

Last updated 6 years ago

Affected Software

Samba Rsync 3.1.1

OpenSUSE 13.1

OpenSUSE 13.2

Oracle Solaris 11.3

References

openSUSE-SU-2015:0249

openSUSE-SU-2016:1671

openSUSE-SU-2016:1695

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

76093

1034786

USN-2879-1

http://xteam.baidu.com/?p=169

https://bugzilla.samba.org/show_bug.cgi?id=10977

GLSA-201605-04

Stay updated

Get in touch