librsync -- collision vulnerability

2014-07-28T00:00:00
ID B22B016B-B633-11E5-83EF-14DAE9D210B8
Type freebsd
Reporter FreeBSD
Modified 2014-07-28T00:00:00

Description

Michael Samuel reports:

librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.