CVE-2024-12088
Published: 14 January 2025
Description
Adversaries may upload tools to third-party or adversary-controlled infrastructure to make it accessible during targeting.
Security Summary
CVE-2024-12088 is a path traversal vulnerability (CWE-22) in the rsync client. When the --safe-links option is used, the client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This flaw may lead to arbitrary file writes outside the desired directory. The vulnerability has a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) and was published on 2025-01-14.
A remote attacker with no privileges can exploit this vulnerability by controlling an rsync server and sending specially crafted symbolic links to a client using the --safe-links option during a file transfer. Exploitation requires user interaction, such as initiating the rsync client command to pull files from the malicious server. Successful attacks allow the attacker to achieve high-impact integrity violations by writing files to arbitrary locations on the client's filesystem.
Red Hat has issued multiple advisories addressing this issue, including RHBA-2025:6470, RHSA-2025:2600, RHSA-2025:7050, and RHSA-2025:8385. Further details on the vulnerability and mitigations are available at https://access.redhat.com/security/cve/CVE-2024-12088.
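The gap described in the summary can be checked for on a client after a pull. The following is an added example, not rsync's code and not taken from the advisory: a Python audit that classifies every symlink under a destination directory by comparing the textual view of its target with the fully resolved path. The function names, verdict labels and sample tree are assumptions constructed for illustration, and the textual check is a simplified model rather than rsync's implementation.

```python
import os
import tempfile

def _inside(root, path):
    """True if path is root itself or lies beneath it (string comparison)."""
    return path == root or path.startswith(root + os.sep)

def classify_symlinks(root):
    """Map each symlink under root (relative path) to a verdict:
    'contained'         target stays inside root by name and after resolution
    'lexically-outside' the target text itself leaves root
    'escapes-via-link'  the target text stays inside root, but one of its
                        components is a symlink and the resolved path leaves root
    """
    root = os.path.realpath(root)
    verdicts = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            # Textual view: ".." is collapsed as a string, the disk is not consulted.
            lexical = os.path.normpath(os.path.join(dirpath, os.readlink(link)))
            # Resolved view: every symlink component is followed.
            resolved = os.path.realpath(link)
            if not _inside(root, lexical):
                verdict = "lexically-outside"
            elif not _inside(root, resolved):
                verdict = "escapes-via-link"
            else:
                verdict = "contained"
            verdicts[os.path.relpath(link, root)] = verdict
    return verdicts

def build_sample_tree(base):
    """Constructed sample data: a small tree holding one link of each kind."""
    root = os.path.join(base, "dest")
    os.mkdir(root)
    open(os.path.join(root, "data.txt"), "w").close()
    os.symlink("data.txt", os.path.join(root, "ok"))
    os.symlink("../outside.txt", os.path.join(root, "plain"))
    os.symlink(".", os.path.join(root, "pivot"))
    os.symlink("pivot/../outside.txt", os.path.join(root, "nested"))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for link, verdict in sorted(classify_symlinks(build_sample_tree(base)).items()):
            print(f"{verdict:18} {link}")
```

Any link reported as escapes-via-link is one that a name-only containment check would accept, so those entries are the ones to review on a client that pulled with --safe-links before the fixed packages were installed.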
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The path traversal vulnerability in the rsync client (bypassing --safe-links via nested symlinks) allows a malicious rsync server to write arbitrary files outside the intended directory, enabling ingress tool transfer and staging of malware/tools on the victim system.