An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).

CPENameOperatorVersion
fedoraeq35
fedoraeq36
rsynclt3.2.5

Name	Operator	Version
fedora	eq	35
fedora	eq	36
rsync	lt	3.2.5

References

www.openwall.com/lists/oss-security/2022/08/02/1

github.com/WayneD/rsync/tags

lists.fedoraproject.org/archives/list/[email protected]/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/

lists.fedoraproject.org/archives/list/[email protected]/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/

nessus 53

cbl_mariner 2

redhatcve 1

nvd 1

redhat 36

freebsd 1

openvas 27

broadcom 1

amazon 1

veracode 1

suse 3

photon 5

rocky 2

oraclelinux 3

debiancve 1

cloudfoundry 1

githubexploit 1

osv 5

ibm 10

ubuntu 1

alpinelinux 1

cloudlinux 2

redos 1

slackware 1

ubuntucve 1

almalinux 1

cvelist 1

cve 1

mageia 1

centos 1

fedora 2

rosalinux 1

attackerkb 1

gentoo 1

ics 1

nessus

Oracle Linux 7 : rsync (ELSA-2022-6170)

2022-08-25 00:00:00

FreeBSD : rsync -- client-side arbitrary file write vulnerability (21f43976-1887-11ed-9911-40b034429ecf)

2022-08-11 00:00:00

SUSE SLED15 / SLES15 Security Update : rsync (SUSE-SU-2022:2825-1)

2022-08-17 00:00:00

cbl_mariner

CVE-2022-29154 affecting package rsync 3.1.3-5

2022-12-27 17:55:43

CVE-2022-29154 affecting package rsync for versions less than 3.2.5-1

2022-08-31 06:17:56

redhatcve

CVE-2022-29154

2022-08-02 13:40:01

nvd

CVE-2022-29154

2022-08-02 15:15:08

redhat

(RHSA-2022:6180) Important: rsync security update

2022-08-24 17:04:49

(RHSA-2022:6170) Important: rsync security update

2022-08-24 16:38:50

(RHSA-2022:6173) Important: rsync security update

2022-08-24 16:43:45

freebsd

rsync -- client-side arbitrary file write vulnerability

2022-08-02 00:00:00

openvas

Slackware: Security Advisory (SSA:2022-227-01)

2022-08-16 00:00:00

Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2023-2204)

2023-06-12 00:00:00

Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2022-2448)

2022-10-10 00:00:00

broadcom

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers.

2023-08-01 00:00:00

amazon

Important: rsync

2022-10-31 19:40:00

veracode

Directory Traversal

2022-08-09 00:45:20

suse

Security update for rsync (important)

2022-09-01 00:00:00

Security update for rsync (important)

2022-08-16 00:00:00

Security update for rsync (important)

2022-08-31 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0430

2022-08-05 00:00:00

Important Photon OS Security Update - PHSA-2022-0223

2022-08-04 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0223

2022-08-04 00:00:00

rocky

rsync security update

2022-08-24 17:04:49

rsync security update

2022-08-24 17:06:01

oraclelinux

rsync security update

2022-08-25 00:00:00

rsync security update

2022-08-25 00:00:00

rsync security update

2022-08-25 00:00:00

debiancve

CVE-2022-29154

2022-08-02 15:15:08

cloudfoundry

USN-5921-1: rsync vulnerabilities | Cloud Foundry

2023-03-23 00:00:00

githubexploit

Exploit for Improper Input Validation in Samba Rsync

2022-09-14 13:59:21

osv

rsync vulnerabilities

2023-03-06 12:11:44

Important: rsync security update

2022-08-24 17:06:01

Important: rsync security update

2022-08-24 00:00:00

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Rsync [CVE-2022-29154]

2024-02-29 20:30:34

Security Bulletin: IBM Security Verify Access Appliance includes components with known vulnerabilities (CVE-2022-29154, CVE-2022-0391)

2023-04-03 21:42:39

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities.

2022-11-09 18:42:35

ubuntu

rsync vulnerabilities

2023-03-06 00:00:00

alpinelinux

CVE-2022-29154

2022-08-02 15:15:08

cloudlinux

Fixed CVE-2022-29154 in rsync

2022-08-17 18:45:47

Fixed CVE-2022-29154 in rsync

2022-09-08 17:32:28

redos

ROS-20221216-02

2022-12-16 00:00:00

slackware

[slackware-security] rsync

2022-08-15 20:27:07

ubuntucve

CVE-2022-29154

2022-08-02 00:00:00

almalinux

Important: rsync security update

2022-08-24 00:00:00

cvelist

CVE-2022-29154

2022-08-02 14:22:52

cve

CVE-2022-29154

2022-08-02 15:15:08

mageia

Updated rsync packages fix security vulnerability

2022-08-26 00:21:07

centos

rsync security update

2022-09-01 22:04:24

fedora

[SECURITY] Fedora 35 Update: rsync-3.2.5-1.fc35

2022-08-31 10:15:04

[SECURITY] Fedora 36 Update: rsync-3.2.5-1.fc36

2022-08-18 02:05:16

rosalinux

Advisory ROSA-SA-2023-2230

2023-09-05 12:16:03

attackerkb

CVE-2019-6111

2019-01-31 00:00:00

gentoo

rsync: Multiple Vulnerabilities

2024-05-08 00:00:00

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.3%

JSON

Related for PRION:CVE-2022-29154