ALT-PU-2014-2401-1
Closed vulnerabilities
Published: 2014-04-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-2855
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.
Severity: HIGH (7.8)
References:
- http://advisories.mageia.org/MGASA-2015-0065.html
- http://advisories.mageia.org/MGASA-2015-0065.html
- FEDORA-2014-5315
- FEDORA-2014-5315
- openSUSE-SU-2014:0595
- openSUSE-SU-2014:0595
- 57948
- 57948
- MDVSA-2015:131
- MDVSA-2015:131
- [oss-security] 20140414 CVE Request: rsync denial of service
- [oss-security] 20140414 CVE Request: rsync denial of service
- [oss-security] 20140415 Re: CVE Request: rsync denial of service
- [oss-security] 20140415 Re: CVE Request: rsync denial of service
- USN-2171-1
- USN-2171-1
- https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230
- https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230
- https://bugzilla.samba.org/show_bug.cgi?id=10551
- https://bugzilla.samba.org/show_bug.cgi?id=10551
- https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbce2c1b851684ba658861fe9d620636c56a
- https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbce2c1b851684ba658861fe9d620636c56a
Closed bugs
добавить unit-файлы для совместимости с systemd