Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2025-1325)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.2.2025.1325

Kategorie: Huawei EulerOS Local Security Checks

Titel: Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2025-1325)

Zusammenfassung: The remote host is missing an update for the Huawei EulerOS 'rsync' package(s) announced via the EulerOS-SA-2025-1325 advisory.

Beschreibung: Summary:
The remote host is missing an update for the Huawei EulerOS 'rsync' package(s) announced via the EulerOS-SA-2025-1325 advisory.

Vulnerability Insight:
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.(CVE-2024-12085)

A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.(CVE-2024-12747)

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.(CVE-2024-12087)

Affected Software/OS:
'rsync' package(s) on Huawei EulerOS V2.0SP13.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2024-12085
Common Vulnerability Exposure (CVE) ID: CVE-2024-12087
Common Vulnerability Exposure (CVE) ID: CVE-2024-12747

Copyright Copyright (C) 2025 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.2.2025.1325
Kategorie:	Huawei EulerOS Local Security Checks
Titel:	Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2025-1325)
Zusammenfassung:	The remote host is missing an update for the Huawei EulerOS 'rsync' package(s) announced via the EulerOS-SA-2025-1325 advisory.
Beschreibung:	Summary: The remote host is missing an update for the Huawei EulerOS 'rsync' package(s) announced via the EulerOS-SA-2025-1325 advisory. Vulnerability Insight: A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.(CVE-2024-12085) A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.(CVE-2024-12747) A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.(CVE-2024-12087) Affected Software/OS: 'rsync' package(s) on Huawei EulerOS V2.0SP13. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2024-12085 Common Vulnerability Exposure (CVE) ID: CVE-2024-12087 Common Vulnerability Exposure (CVE) ID: CVE-2024-12747
Copyright	Copyright (C) 2025 Greenbone AG