Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2024-12747

created 4 months, 3 weeks ago

Rsync: race condition in rsync handling symbolic links

A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.

Affected products

rhcos

rsync

=<3.3.0
*

discovery/discovery-ui-rhel9

*

registry.redhat.io/discovery/discovery-ui-rhel9

*

Matching in nixpkgs

pkgs.rsync

Fast incremental file transfer utility

nixos-unstable -
- nixpkgs-unstable 3.4.1

pkgs.grsync

Synchronize folders, files and make backups

nixos-unstable -
- nixpkgs-unstable 1.3.1

pkgs.rrsync

Helper to run rsync-only environments from ssh-logins

nixos-unstable -
- nixpkgs-unstable 3.4.1

pkgs.rsyncy

Progress bar wrapper for rsync

nixos-unstable -
- nixpkgs-unstable 2.1.0

pkgs.librsync

Implementation of the rsync remote-delta algorithm

nixos-unstable -
- nixpkgs-unstable 2.3.4

pkgs.diskrsync

Rsync for block devices and disk images

nixos-unstable -
- nixpkgs-unstable 1.3.0

pkgs.ethersync

Real-time co-editing of local text files

nixos-unstable -
- nixpkgs-unstable 0.7.0

pkgs.openrsync

BSD-licensed implementation of rsync

nixos-unstable -
- nixpkgs-unstable 2025-01-27

pkgs.sqlite-rsync

Database remote-copy tool for SQLite

nixos-unstable -
- nixpkgs-unstable 3.50.2

pkgs.vdirsyncerStable

Synchronize calendars and contacts

nixos-unstable -
- nixpkgs-unstable 0.20.0

pkgs.yaziPlugins.rsync

Simple rsync plugin for yazi file manager

nixos-unstable -
- nixpkgs-unstable 0-unstable-2025-06-09

pkgs.vimPlugins.ethersync

Real-time co-editing of local text files

nixos-unstable -
- nixpkgs-unstable 0.7.0

pkgs.python312Packages.sysrsync

Simple and safe system's rsync wrapper for Python

nixos-unstable -
- nixpkgs-unstable 1.1.1

pkgs.python313Packages.sysrsync

Simple and safe system's rsync wrapper for Python

nixos-unstable -
- nixpkgs-unstable 1.1.1

pkgs.python312Packages.vdirsyncer

Synchronize calendars and contacts

nixos-unstable -
- nixpkgs-unstable 0.20.0

pkgs.python313Packages.vdirsyncer

Synchronize calendars and contacts

nixos-unstable -
- nixpkgs-unstable 0.20.0

pkgs.vscode-extensions.ethersync.ethersync

Extension for real-time co-editing of local text files

nixos-unstable -
- nixpkgs-unstable 0.4.0

Package maintainers

@jluttine Jaakko Luttinen <jaakko.luttinen@iki.fi>
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
@wegank Weijia Wang <contact@weijia.wang>
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>
@eljamm Fedi Jamoussi <fedi.jamoussi@protonmail.ch>
@Prince213 Sizhe Zhao <prc.zhao@outlook.com>
@fricklerhandwerk Valentin Gagarin <valentin@fricklerhandwerk.de>
@kuznero Roman Kuznetsov <roman@kuznero.com>
@fgaz Francesco Gazzetta <fgaz@fgaz.me>
@veprbl Dmitry Kalinkin <veprbl@gmail.com>
@stephen-huan Stephen Huan <stephen.huan@cgdct.moe>
@kampfschlaefer Arnold Krille <arnold@arnoldarts.de>
@ivan Ivan Kozik <ivan@ludios.org>
@nycodeghg Marie Ramlow <tabmeier12+nix@gmail.com>
@JohnAZoidberg Daniel Schäfer <git@danielschaefer.me>
@teto Matthieu Coudron <mcoudron@hotmail.com>