Denial of Service Vulnerability in rsync Affects Samba and Various Linux Distributions
CVE-2014-2855

Currently unrated

Key Information:

Vendor: Samba
Status: Rsync
Vendor: CVE Published:; 23 April 2014

What is CVE-2014-2855?

The check_secret function in the authenticate.c file of rsync versions up to 3.1.0 can be exploited by remote attackers to induce a denial of service condition. This occurs when a non-existent username is processed, leading to an infinite loop and excessive CPU resource consumption. As a result, legitimate users may experience disruptions in service availability, highlighting the importance of updating the software to mitigate such risks.

References

https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbc...

x_refsource_CONFIRM

http://www.ubuntu.com/usn/USN-2171-1

vendor-advisoryx_refsource_UBUNTU

http://lists.opensuse.org/opensuse-updates/2014-05/msg000...

vendor-advisoryx_refsource_SUSE

EPSS Score

20% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2014
Vulnerability Reserved
Apr 15, 2014