Your submission was sent successfully! Close

CVE-2014-2855

Published: 17 April 2014

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.

Notes

AuthorNote
mdeslaur
only in 3.1.0
Priority

Medium

Status

Package Release Status
rsync
Launchpad, Ubuntu, Debian
lucid Not vulnerable

precise Not vulnerable

quantal Not vulnerable

saucy Not vulnerable

trusty
Released (3.1.0-2ubuntu0.1)
upstream Needs triage

Patches:
upstream: https://git.samba.org/?p=rsync.git;a=commit;h=0dedfbce2c1b851684ba658861fe9d620636c56a