[] NeoSense
E X P L O I T S
title author type platform port cve id

MacOSXLabs RsyncX 2.1 - Insecure Temporary File Creation

Author: Matt Johnston
type: local
platform: osx
port: 
date_added: 2004-09-17 
date_updated: 2013-03-06 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/11212/info

RsyncX is reported to contain an insecure temporary file creation vulnerability. The result of this is that temporary files created by the application may use predictable filenames.

A local attacker may exploit this vulnerability to execute symbolic link file overwrite attacks.

When using the scheduler component of RsyncX, /tmp/cron_rsyncxtmp
is insecurely used. A user can create a dir /tmp/blahdir,
then
ln -s /tmp/blahdir/file /tmp/cron.rsyncxtmp

After RsyncX scheduler is used by an admin, /etc/crontab
will become a symlink pointing to /tmp/blahdir/file.
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.