Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2014-2855
Last Modified: 14 Apr 2015 10:00:23
Published: 23 Apr 2014 11:55:04
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-2855

Summary

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.

Vulnerable Systems

Application

  • Samba Rsync 2.6.9

  • Samba Rsync 2.7.0

  • Samba Rsync 2.7.1

  • Samba Rsync 2.7.2

  • Samba Rsync 2.7.3

  • Samba Rsync 2.7.4

  • Samba Rsync 2.7.5

  • Samba Rsync 2.7.6

  • Samba Rsync 2.7.7

  • Samba Rsync 2.7.8

  • Samba Rsync 2.7.9

  • Samba Rsync 2.8.0

  • Samba Rsync 2.8.1

  • Samba Rsync 2.8.2

  • Samba Rsync 2.8.3

  • Samba Rsync 2.8.4

  • Samba Rsync 2.8.5

  • Samba Rsync 2.8.6

  • Samba Rsync 2.8.7

  • Samba Rsync 2.8.8

  • Samba Rsync 2.8.9

  • Samba Rsync 2.9.0

  • Samba Rsync 2.9.1

  • Samba Rsync 2.9.2

  • Samba Rsync 2.9.3

  • Samba Rsync 2.9.4

  • Samba Rsync 2.9.5

  • Samba Rsync 2.9.6

  • Samba Rsync 2.9.7

  • Samba Rsync 2.9.8

  • Samba Rsync 2.9.9

  • Samba Rsync 3.0.0

  • Samba Rsync 3.0.1

  • Samba Rsync 3.0.2

  • Samba Rsync 3.0.3

  • Samba Rsync 3.0.4

  • Samba Rsync 3.0.5

  • Samba Rsync 3.0.6

  • Samba Rsync 3.0.7

  • Samba Rsync 3.0.8

  • Samba Rsync 3.0.9

  • Samba Rsync 3.1.0


References

CONFIRM - https://git.samba.org/?p=rsync.git;a=commit;h=0dedfbce2c1b851684ba658861fe9d620636c56a

CONFIRM - https://bugzilla.samba.org/show_bug.cgi?id=10551

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230

MLIST - [oss-security] 20140415 Re: CVE Request: rsync denial of service

MLIST - [oss-security] 20140414 CVE Request: rsync denial of service

SECUNIA - 57948

FEDORA - FEDORA-2014-5315

SUSE - openSUSE-SU-2014:0595

MANDRIVA - MDVSA-2015:131

CONFIRM - http://advisories.mageia.org/MGASA-2015-0065.html


Last Updated: 27 May 2016 11:05:05