The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7206-1 advisory.

    Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync did not properly handle checksum     lengths. An attacker could use this issue to execute arbitrary code. (CVE-2024-12084)

    Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync compared checksums with     uninitialized memory. An attacker could exploit this issue to leak sensitive information. (CVE-2024-12085)

    Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync incorrectly handled file     checksums. A malicious server could use this to expose arbitrary client files. (CVE-2024-12086)

    Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync mishandled symlinks for some     settings. An attacker could exploit this to write files outside the intended directory. (CVE-2024-12087)

    Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync failed to verify symbolic link     destinations for some settings. An attacker could exploit this for path traversal attacks.
    (CVE-2024-12088)

    Aleksei Gorban discovered a race condition in rsync's handling of symbolic links. An attacker could use     this to access sensitive information or escalate privileges. (CVE-2024-12747)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : rsync vulnerabilities (USN-7206-1)

critical Nessus Plugin ID 214143

Version 1.2