CVE-2014-9512 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	6.4 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:N/I:P/A:P
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Vendor	Product	Version
samba	rsync	3.1.1
opensuse	opensuse	13.1
opensuse	opensuse	13.2
oracle	solaris	10.0
oracle	solaris	11.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

rsync

bullseye	3.2.3-4+deb11u1 fixed
wheezy	not-affected
squeeze	not-affected
bookworm	3.2.7-1 fixed
sid	3.3.0-1 fixed
trixie	3.3.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

rsync

wily	Fixed 3.1.1-3ubuntu0.15.10.1 released
vivid	Fixed 3.1.1-3ubuntu0.15.04.1 released
utopic	ignored
trusty	Fixed 3.1.0-2ubuntu0.2 released
precise	Fixed 3.0.9-1ubuntu1.1 released
lucid	ignored

Known Exploits!

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://lists.opensuse.org/opensuse-updates/2015-02/msg00041.html

http://lists.opensuse.org/opensuse-updates/2016-06/msg00095.html

http://lists.opensuse.org/opensuse-updates/2016-06/msg00112.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.securityfocus.com/bid/76093

http://www.securitytracker.com/id/1034786

http://www.ubuntu.com/usn/USN-2879-1

http://xteam.baidu.com/?p=169

https://bugzilla.samba.org/show_bug.cgi?id=10977

https://security.gentoo.org/glsa/201605-04

https://support.apple.com/kb/HT211168

https://support.apple.com/kb/HT211170

https://support.apple.com/kb/HT211171

https://support.apple.com/kb/HT211175

https://support.apple.com/kb/HT211289