CVE-2014-2855

Published: 17 April 2014

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.

Priority

Medium

Status

Package Release Status
rsync
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr)
Released (3.1.0-2ubuntu0.1)
Patches:
Upstream: https://git.samba.org/?p=rsync.git;a=commit;h=0dedfbce2c1b851684ba658861fe9d620636c56a