REDHAT-BUG-2332968: Race Condition
First published: Wed Dec 18 2024(Updated: )
This vulnerability stems from a race condition in rsync's handling of symbolic links. By exploiting timing differences, an attacker can bypass the expected behavior of skipping symbolic links during file synchronization. This flaw becomes critical in scenarios where rsync runs with elevated privileges, as it can inadvertently expose sensitive files to unprivileged users, potentially leading to privilege escalation.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samba |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2332968?
The severity of REDHAT-BUG-2332968 is critical due to the potential for elevated privilege escalation.
How do I fix REDHAT-BUG-2332968?
To fix REDHAT-BUG-2332968, update to the latest version of rsync provided by the vendor that addresses the race condition.
What software is affected by REDHAT-BUG-2332968?
Samba rsync is the software primarily affected by REDHAT-BUG-2332968.
What is the main issue caused by REDHAT-BUG-2332968?
The main issue caused by REDHAT-BUG-2332968 is a race condition that allows attackers to bypass symbolic link protections during file synchronization.
Who is at risk from REDHAT-BUG-2332968?
Users running Samba rsync with elevated privileges are at risk from REDHAT-BUG-2332968 as the vulnerability may lead to unauthorized access.
- agent/weakness
- agent/references
- agent/severity
- agent/first-publish-date
- agent/type
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-12747
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/samba
- canonical/samba