CVE-2022-29154: fix arbitrary file write vulnerability via malicious rysnc
server (MITM attack)
Add '%check
unset DISPLAY
’ section but disable broken ‘daemon’ and ‘hardlinks’ tests

OSVersionArchitecturePackageVersionFilename
Centos6x86_64rsync< 3.0.6rsync-3.0.6-12.el6.tuxcare.els2.src.rpm

OS	Version	Architecture	Package	Version	Filename
Centos	6	x86_64	rsync	< 3.0.6	rsync-3.0.6-12.el6.tuxcare.els2.src.rpm

References

errata.cloudlinux.com/els6/CLSA-2022-1660761947.html

cbl_mariner 2

freebsd 1

nessus 54

redhatcve 1

openvas 27

redhat 36

nvd 1

prion 1

veracode 1

broadcom 1

amazon 1

suse 3

oraclelinux 3

rocky 2

debiancve 1

cloudfoundry 1

photon 5

githubexploit 1

redos 1

osv 6

ubuntucve 1

cvelist 1

almalinux 1

cloudlinux 1

cve 1

mageia 1

slackware 1

centos 1

alpinelinux 1

ibm 10

ubuntu 1

fedora 2

rosalinux 1

attackerkb 1

gentoo 1

ics 1

cbl_mariner

CVE-2022-29154 affecting package rsync 3.1.3-5

2022-12-27 17:55:43

CVE-2022-29154 affecting package rsync for versions less than 3.2.5-1

2022-08-31 06:17:56

freebsd

rsync -- client-side arbitrary file write vulnerability

2022-08-02 00:00:00

nessus

SUSE SLED15 / SLES15 Security Update : rsync (SUSE-SU-2022:2825-1)

2022-08-17 00:00:00

FreeBSD : rsync -- client-side arbitrary file write vulnerability (21f43976-1887-11ed-9911-40b034429ecf)

2022-08-11 00:00:00

Oracle Linux 8 : rsync (ELSA-2022-6180)

2022-08-25 00:00:00

redhatcve

CVE-2022-29154

2022-08-02 13:40:01

openvas

Slackware: Security Advisory (SSA:2022-227-01)

2022-08-16 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:2825-1)

2022-08-17 00:00:00

Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2022-2448)

2022-10-10 00:00:00

redhat

(RHSA-2022:6170) Important: rsync security update

2022-08-24 16:38:50

(RHSA-2022:6180) Important: rsync security update

2022-08-24 17:04:49

(RHSA-2022:6173) Important: rsync security update

2022-08-24 16:43:45

nvd

CVE-2022-29154

2022-08-02 15:15:08

prion

Input validation

2022-08-02 15:15:00

veracode

Directory Traversal

2022-08-09 00:45:20

broadcom

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers.

2023-08-01 00:00:00

amazon

Important: rsync

2022-10-31 19:40:00

suse

Security update for rsync (important)

2022-09-01 00:00:00

Security update for rsync (important)

2022-08-16 00:00:00

Security update for rsync (important)

2022-08-31 00:00:00

oraclelinux

rsync security update

2022-08-25 00:00:00

rsync security update

2022-08-25 00:00:00

rsync security update

2022-08-25 00:00:00

rocky

rsync security update

2022-08-24 17:04:49

rsync security update

2022-08-24 17:06:01

debiancve

CVE-2022-29154

2022-08-02 15:15:08

cloudfoundry

USN-5921-1: rsync vulnerabilities | Cloud Foundry

2023-03-23 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0430

2022-08-05 00:00:00

Important Photon OS Security Update - PHSA-2022-0223

2022-08-04 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0223

2022-08-04 00:00:00

githubexploit

Exploit for Improper Input Validation in Samba Rsync

2022-09-14 13:59:21

redos

ROS-20221216-02

2022-12-16 00:00:00

osv

Important: rsync security update

2022-08-24 17:04:49

CVE-2022-29154

2022-08-02 15:15:08

rsync-3.2.4-3.1 on GA media

2024-06-15 00:00:00

ubuntucve

CVE-2022-29154

2022-08-02 00:00:00

cvelist

CVE-2022-29154

2022-08-02 14:22:52

almalinux

Important: rsync security update

2022-08-24 00:00:00

cloudlinux

Fixed CVE-2022-29154 in rsync

2022-09-08 17:32:28

cve

CVE-2022-29154

2022-08-02 15:15:08

mageia

Updated rsync packages fix security vulnerability

2022-08-26 00:21:07

slackware

[slackware-security] rsync

2022-08-15 20:27:07

centos

rsync security update

2022-09-01 22:04:24

alpinelinux

CVE-2022-29154

2022-08-02 15:15:08

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Rsync [CVE-2022-29154]

2024-02-29 20:15:10

Security Bulletin: IBM Security Verify Access Appliance includes components with known vulnerabilities (CVE-2022-29154, CVE-2022-0391)

2023-04-03 21:42:39

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities.

2022-11-09 18:42:35

ubuntu

rsync vulnerabilities

2023-03-06 00:00:00

fedora

[SECURITY] Fedora 35 Update: rsync-3.2.5-1.fc35

2022-08-31 10:15:04

[SECURITY] Fedora 36 Update: rsync-3.2.5-1.fc36

2022-08-18 02:05:16

rosalinux

Advisory ROSA-SA-2023-2230

2023-09-05 12:16:03

attackerkb

CVE-2019-6111

2019-01-31 00:00:00

gentoo

rsync: Multiple Vulnerabilities

2024-05-08 00:00:00

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

41.1%

JSON

Related for CLSA-2022:1660761947