Denial of Service Vulnerability in rsync Affects Samba and Various Linux Distributions
CVE-2014-2855

Currently unrated

Key Information:

Vendor

Samba

Status
Rsync
Vendor
CVE Published:
23 April 2014

What is CVE-2014-2855?

The check_secret function in the authenticate.c file of rsync versions up to 3.1.0 can be exploited by remote attackers to induce a denial of service condition. This occurs when a non-existent username is processed, leading to an infinite loop and excessive CPU resource consumption. As a result, legitimate users may experience disruptions in service availability, highlighting the importance of updating the software to mitigate such risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbc...
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2171-1
vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-updates/2014-05/msg000...
vendor-advisoryx_refsource_SUSE

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.