PT-2014-4922 · Rsync+2 · Rsync+2
Published
2014-04-17
·
Updated
2024-06-15
·
CVE-2014-2855
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
rsync versions 3.1.0 and earlier
Description
The issue allows remote attackers to cause a denial of service, resulting in an infinite loop and CPU consumption. This occurs when a user name that does not exist in the secrets file is used, exploiting the
check secret function in authenticate.c.Recommendations
For versions 3.1.0 and earlier, consider disabling the
check secret function as a temporary workaround until a patch is available. Restrict access to the authentication module to minimize the risk of exploitation. Avoid using non-existent user names in the secrets file until the issue is resolved.Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Ubuntu
Rsync