CVE-2014-2855

Name of the Vulnerable Software and Affected Versions rsync versions 3.1.0 and earlier

Description The issue allows remote attackers to cause a denial of service, resulting in an infinite loop and CPU consumption. This occurs when a user name that does not exist in the secrets file is used, exploiting the check secret function in authenticate.c.

Recommendations For versions 3.1.0 and earlier, consider disabling the check secret function as a temporary workaround until a patch is available. Restrict access to the authentication module to minimize the risk of exploitation. Avoid using non-existent user names in the secrets file until the issue is resolved.