CVE-2014-2855
Published: 17 April 2014
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.
Notes
Author | Note |
---|---|
mdeslaur | only in 3.1.0 |
Priority
Status
Package | Release | Status |
---|---|---|
rsync Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
trusty |
Released
(3.1.0-2ubuntu0.1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: https://git.samba.org/?p=rsync.git;a=commit;h=0dedfbce2c1b851684ba658861fe9d620636c56a |