Description
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.
References (10)
Third Party Advisory, US Government Resource: https://kb.cert.org/vuls/id/952657
Third Party Advisory, US Government Resource: https://www.kb.cert.org/vuls/id/952657
Vendor Advisory: https://security.netapp.com/advisory/ntap-20250131-0002/
Vendor Advisory (vendor-advisory, x_refsource_redhat): RHBA-2025:6470, https://access.redhat.com/errata/RHBA-2025:6470
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:2600
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:7050
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:8385
Vendor Advisory (vdb-entry, x_refsource_redhat): https://access.redhat.com/security/cve/CVE-2024-12747
Issue Tracking (issue-tracking, x_refsource_redhat): https://bugzilla.redhat.com/show_bug.cgi?id=2332968
Scores
CVSS v3: 5.6
EPSS: 0.0001
EPSS Percentile: 2.2%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-362
Status: published
Products (9)
Red Hat/Red Hat Discovery 1.14
sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644
Red Hat/Red Hat Discovery 1.14
sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 10
0:3.4.1-2.el10
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
0:3.1.3-21.el8_10
Red Hat/Red Hat Enterprise Linux 9
0:3.2.5-3.el9
Red Hat/Red Hat OpenShift Container Platform 4
Published: Jan 14, 2025
Tracked Since: Feb 18, 2026