CVE-2014-9512
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
89.3%
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| samba | rsync | 3.1.1 | cpe:2.3:a:samba:rsync:3.1.1:*:*:*:*:*:*:* |
| opensuse | opensuse | 13.1 | cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* |
| opensuse | opensuse | 13.2 | cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* |
| oracle | solaris | 10.0 | cpe:2.3:o:oracle:solaris:10.0:*:*:*:*:*:*:* |
| oracle | solaris | 11.3 | cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:* |
References
lists.opensuse.org/opensuse-updates/2015-02/msg00041.html
lists.opensuse.org/opensuse-updates/2016-06/msg00095.html
lists.opensuse.org/opensuse-updates/2016-06/msg00112.html
www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
www.securityfocus.com/bid/76093
www.securitytracker.com/id/1034786
www.ubuntu.com/usn/USN-2879-1
xteam.baidu.com/?p=169
bugzilla.samba.org/show_bug.cgi?id=10977
security.gentoo.org/glsa/201605-04
support.apple.com/kb/HT211168
support.apple.com/kb/HT211170
support.apple.com/kb/HT211171
support.apple.com/kb/HT211175
support.apple.com/kb/HT211289
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
89.3%