CVE-2024-12085
📋 TL;DR
This vulnerability in rsync allows an attacker to leak uninitialized stack memory one byte at a time by manipulating the checksum length used during file comparison. It affects systems that run a vulnerable rsync version for file synchronization. The resulting information disclosure could expose sensitive data held in memory.
💻 Affected Systems
- rsync
📦 What is this software?
- Almalinux by Almalinux
- Arch Linux by Archlinux
- Enterprise Linux For Ibm Z Systems by Redhat
- Enterprise Linux For Ibm Z Systems Eus by Redhat
- Enterprise Linux For Power Little Endian by Redhat
- Enterprise Linux For Power Little Endian Eus by Redhat
- Enterprise Linux Update Services For Sap Solutions by Redhat
- Linux by Gentoo
- Nixos by Nixos
- Openshift by Redhat
- Rsync by Samba
- Smartos by Tritondatacenter
⚠️ Risk & Real-World Impact
Worst Case
Sensitive data like passwords, keys, or other memory contents could be gradually leaked, potentially leading to full system compromise if combined with other vulnerabilities.
Likely Case
Limited information disclosure of uninitialized stack memory, which may contain fragments of sensitive data but requires repeated exploitation attempts.
If Mitigated
Minimal impact with proper network segmentation and access controls limiting rsync exposure.
🎯 Exploit Status
Exploitation requires the ability to trigger rsync checksum comparisons and to manipulate the checksum length parameter. No public exploit code was identified in the provided references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check specific Red Hat advisories (RHSA-2025:0324, RHSA-2025:0325, etc.) for patched versions.
Vendor Advisory: https://access.redhat.com/errata/RHSA-2025:0324
Restart Required: No
Instructions:
1. Check your distribution's security advisories.
2. Update the rsync package using your package manager (yum update rsync or apt-get upgrade rsync).
3. Verify that the update completed successfully.
🔧 Temporary Workarounds
Restrict rsync access
- Limit rsync usage to trusted networks and users only.
- Configure firewall rules to restrict access to the rsync port (typically 873).
- Use SSH tunneling for rsync instead of exposing the rsync daemon directly.
🧯 If You Can't Patch
- Isolate rsync services to internal networks only using firewall rules.
- Monitor rsync logs for unusual activity and implement strict access controls.
🔍 How to Verify
Check if Vulnerable:
Check the installed rsync version with rsync --version | head -1 and compare it against the patched versions listed in the Red Hat advisories.
Check Version:
rsync --version | head -1
Verify Fix Applied:
Verify the updated version with rsync --version | head -1 and ensure it matches or exceeds the patched versions given in the advisories.
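The version check above, as an added example that is not part of this advisory: it parses the banner line that `rsync --version | head -1` prints and compares it against a minimum fixed upstream version. The value of MIN_FIXED (3.4.0) is an assumption for illustration; take the real patched version from your distribution's advisory. Distributions such as Red Hat backport fixes without changing the upstream version number, so on those systems compare the package release (rpm -q rsync) against the advisory instead of relying on this banner alone.

```shell
#!/bin/sh
# Added example (not from the advisory or the rsync project).
# MIN_FIXED is an assumed upstream fixed version; confirm it against your advisory.
MIN_FIXED=3.4.0

# Extract "X.Y.Z" from an rsync banner such as
# "rsync  version 3.2.7  protocol version 31". Prints nothing if unrecognised.
rsync_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^rsync *version \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 when dotted version $1 >= dotted version $2.
# Sorts the two versions numerically per field; if the smallest is $2, $1 is at least $2.
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$2" ]
}

# Usage: rsync_fixed "<banner line>" "<minimum fixed version>"
# Exit status: 0 = at or above the fixed version, 1 = below it, 2 = banner not recognised.
rsync_fixed() {
    v=$(rsync_version_from_banner "$1")
    [ -n "$v" ] || return 2
    version_ge "$v" "$2"
}

# Run against the local rsync only when one is installed.
if command -v rsync >/dev/null 2>&1; then
    banner=$(rsync --version | head -n 1)
    if rsync_fixed "$banner" "$MIN_FIXED"; then
        echo "OK: $banner (>= $MIN_FIXED)"
    else
        echo "CHECK: $banner is below $MIN_FIXED or unrecognised; compare the package release with your advisory"
    fi
fi
```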
📡 Detection & Monitoring
Log Indicators:
- Unusual rsync connection patterns
- Multiple failed checksum operations from single source
Network Indicators:
- Abnormal rsync traffic patterns to port 873
- Repeated connection attempts with varying parameters
SIEM Query:
source="rsync" AND (event="checksum_error" OR event="connection_refused") | stats count by src_ip
🔗 References
- https://access.redhat.com/errata/RHSA-2025:0324
- https://access.redhat.com/errata/RHSA-2025:0325
- https://access.redhat.com/errata/RHSA-2025:0637
- https://access.redhat.com/errata/RHSA-2025:0688
- https://access.redhat.com/errata/RHSA-2025:0714
- https://access.redhat.com/errata/RHSA-2025:0774
- https://access.redhat.com/errata/RHSA-2025:0787
- https://access.redhat.com/errata/RHSA-2025:0790
- https://access.redhat.com/errata/RHSA-2025:0849
- https://access.redhat.com/errata/RHSA-2025:0884
- https://access.redhat.com/errata/RHSA-2025:0885
- https://access.redhat.com/errata/RHSA-2025:1120
- https://access.redhat.com/errata/RHSA-2025:1123
- https://access.redhat.com/errata/RHSA-2025:1128
- https://access.redhat.com/errata/RHSA-2025:1225
- https://access.redhat.com/errata/RHSA-2025:1227
- https://access.redhat.com/errata/RHSA-2025:1242
- https://access.redhat.com/errata/RHSA-2025:1451
- https://access.redhat.com/errata/RHSA-2025:21885
- https://access.redhat.com/errata/RHSA-2025:2701
- https://access.redhat.com/security/cve/CVE-2024-12085
- https://bugzilla.redhat.com/show_bug.cgi?id=2330539
- https://kb.cert.org/vuls/id/952657
- https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html
- https://security.netapp.com/advisory/ntap-20250131-0002/
- https://www.kb.cert.org/vuls/id/952657
- https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj