Lucene search
Ubuntu.comUB:CVE-2014-2855HistoryApr 17, 2014 - 12:00 a.m.
CVE-2014-2855
2014-04-1700:00:00
ubuntu.com
ubuntu.com
7
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.047 Low
EPSS
Percentile
92.6%
The check_secret function in authenticate.c in rsync 3.1.0 and earlier
allows remote attackers to cause a denial of service (infinite loop and CPU
consumption) via a user name which does not exist in the secrets file.
Bugs
- <https://bugzilla.samba.org/show_bug.cgi?id=10551>
- <https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230>
Notes
| Author | Note |
|---|---|
| mdeslaur | only in 3.1.0 |
Related
prion
prion
Design/Logic Flaw
2014-04-23 15:55:00
nessus
nessus
Ubuntu 14.04 LTS : rsync vulnerability (USN-2171-1)
2014-04-24 00:00:00
openSUSE Security Update : Rsync (openSUSE-SU-2014:0595-1)
2014-06-13 00:00:00
Mandriva Linux Security Advisory : rsync (MDVSA-2015:131)
2015-03-30 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: rsync-3.1.0-3.fc20
2014-04-20 01:29:59
myhack58
myhack58
openvas
openvas
Ubuntu Update for rsync USN-2171-1
2014-05-05 00:00:00
Fedora Update for rsync FEDORA-2014-5315
2014-04-21 00:00:00
Fedora Update for rsync FEDORA-2014-5315
2014-04-21 00:00:00
seebug
seebug
rsync不存在用户处理CPU消耗拒绝服务漏洞
2014-04-18 00:00:00
debiancve
debiancve
CVE-2014-2855
2014-04-23 15:55:00
mageia
mageia
Updated rsync package fixes security vulnerability
2015-02-15 18:57:20
securityvulns
securityvulns
rsync DoS
2014-05-04 00:00:00
[USN-2171-1] rsync vulnerability
2014-05-04 00:00:00
cve
cve
CVE-2014-2855
2014-04-23 15:55:00
ubuntu
ubuntu
rsync vulnerability
2014-04-23 00:00:00
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.047 Low
EPSS
Percentile
92.6%
Related for UB:CVE-2014-2855