CVE-2014-2855

Published: 23/04/2014 Updated: 07/11/2023
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.

Vulnerable Product

samba rsync 2.7.8

samba rsync 3.0.5

samba rsync 2.6.9

samba rsync 2.7.1

samba rsync 2.7.9

samba rsync 3.0.0

samba rsync 2.8.9

samba rsync 2.7.7

samba rsync 2.7.4

samba rsync 3.0.8

samba rsync 2.8.2

samba rsync 2.7.3

samba rsync 2.9.9

samba rsync 2.9.8

samba rsync 3.0.9

samba rsync 2.8.7

samba rsync 2.9.6

samba rsync 3.0.3

samba rsync 3.0.2

samba rsync 2.9.3

samba rsync 2.8.4

samba rsync 2.8.1

samba rsync

samba rsync 2.9.0

samba rsync 2.8.8

samba rsync 2.8.5

samba rsync 3.0.7

samba rsync 2.7.2

samba rsync 2.9.7

samba rsync 2.9.2

samba rsync 2.9.1

samba rsync 2.7.5

samba rsync 2.9.5

samba rsync 2.8.6

samba rsync 3.0.4

samba rsync 2.7.6

samba rsync 2.9.4

samba rsync 2.8.0

samba rsync 2.8.3

samba rsync 3.0.1

samba rsync 2.7.0

samba rsync 3.0.6

Vendor Advisories

Debian Bug report logs - #744791 rsync: CVE-2014-2855: Daemon infinite loop when no matched user in secrets Package: src:rsync; Maintainer for src:rsync is Paul Slootman <paul@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 14 Apr 2014 19:30:06 UTC Severity: grave Tags: fixed-upstream, s ...
rsync could be made to consume resources if it received specially crafted network traffic ...
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file ...