Rsync Race Condition Vulnerability in Symbolic Link Handling Can Lead to Privilege Escalation

A race condition vulnerability has been identified in Rsync, specifically in versions through 3.2.4. This flaw occurs during the application's handling of symbolic links, where Rsync typically skips them by default. An attacker could exploit this behavior by replacing a regular file with a symbolic link at a strategic moment, allowing them to traverse symbolic links and bypass the default handling. Depending on the privileges of the Rsync process, this could result in leaking sensitive information or even escalating privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized access to privileged files, allowing a user to read sensitive data or overwrite files in a way that escalates privileges. In regulated environments, however, existing controls may significantly reduce the risk of successful exploitation.

Remediation

Users can apply the latest patches available on the Rsync project's GitHub repository or from the official Rsync download site. For Red Hat users, the update can be applied through the Red Hat Enterprise Linux 8 or 9 security advisories. Red Hat Discovery users can also update through the Red Hat Discovery 1.14 container image.