FKIE_CVE-2014-2855

Vulnerability from fkie_nvd - Published: 2014-04-23 15:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.
References
security@ubuntu.comhttp://advisories.mageia.org/MGASA-2015-0065.html
security@ubuntu.comhttp://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html
security@ubuntu.comhttp://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html
security@ubuntu.comhttp://secunia.com/advisories/57948Vendor Advisory
security@ubuntu.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:131
security@ubuntu.comhttp://www.openwall.com/lists/oss-security/2014/04/14/5
security@ubuntu.comhttp://www.openwall.com/lists/oss-security/2014/04/15/1
security@ubuntu.comhttp://www.ubuntu.com/usn/USN-2171-1
security@ubuntu.comhttps://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230
security@ubuntu.comhttps://bugzilla.samba.org/show_bug.cgi?id=10551Vendor Advisory
security@ubuntu.comhttps://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbce2c1b851684ba658861fe9d620636c56a
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2015-0065.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/57948Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2015:131
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/04/14/5
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/04/15/1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2171-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.samba.org/show_bug.cgi?id=10551Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbce2c1b851684ba658861fe9d620636c56a
Impacted products
Vendor Product Version
samba rsync *
samba rsync 2.6.9
samba rsync 2.7.0
samba rsync 2.7.1
samba rsync 2.7.2
samba rsync 2.7.3
samba rsync 2.7.4
samba rsync 2.7.5
samba rsync 2.7.6
samba rsync 2.7.7
samba rsync 2.7.8
samba rsync 2.7.9
samba rsync 2.8.0
samba rsync 2.8.1
samba rsync 2.8.2
samba rsync 2.8.3
samba rsync 2.8.4
samba rsync 2.8.5
samba rsync 2.8.6
samba rsync 2.8.7
samba rsync 2.8.8
samba rsync 2.8.9
samba rsync 2.9.0
samba rsync 2.9.1
samba rsync 2.9.2
samba rsync 2.9.3
samba rsync 2.9.4
samba rsync 2.9.5
samba rsync 2.9.6
samba rsync 2.9.7
samba rsync 2.9.8
samba rsync 2.9.9
samba rsync 3.0.0
samba rsync 3.0.1
samba rsync 3.0.2
samba rsync 3.0.3
samba rsync 3.0.4
samba rsync 3.0.5
samba rsync 3.0.6
samba rsync 3.0.7
samba rsync 3.0.8
samba rsync 3.0.9
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE263B95-48A6-469F-9546-3797B63DDF0F",
              "versionEndIncluding": "3.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA9CA2C-640D-407E-B1A1-B796CD4F4022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6525C2F-2572-4310-9D30-B198CB384984",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DBCAA31-D770-451A-A0FE-7A6E8A99416D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB31395-F275-473B-B86B-B2E758BA2D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "374E5F91-0E56-4191-B739-4D519DDE9792",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "662396BC-14FB-45C6-9C5B-C557A5DE2E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34821C0-3586-4160-B3AD-C49C27EEE05C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C7901A8-84D3-4852-A439-C12EB471C21C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "19AA7B76-8AEB-4B5C-B7F4-82899D200951",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "88559A7B-9063-4952-928A-2FE6242D3FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB40E21F-55FA-4E2F-8A53-3CDF12754882",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "23834146-79D3-40F1-857A-339D5BD15DC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C41B8A-8330-4C5F-A0BA-854E96C3F686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EAD7F16-C6FD-4499-8CC9-310379DE8CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B965433-0880-43F3-996F-7F2FAA951B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9191C5BE-F4CF-4285-AFCE-FB0F58F7868E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBEDC1BF-B858-420D-8471-BE6F9BD766CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D214AC3E-7D71-4019-BF13-3B037F345D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8056C095-00C3-48A9-8F00-8EC3CA71AE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "72EA2B26-61BC-4513-9B11-7C21477F93BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEECBA41-4E06-4D26-AD66-1698C39CB4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E73D14-2BBB-4E6E-970D-58C9D678CB07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58239BB8-F979-4902-807F-7037FA10D13D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D494532E-87C1-435A-B41C-C446EA100FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF3AD10-C818-4510-AAB3-E760D48FDC2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB3A011-194C-4F0C-8DA2-48C592C9369A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B29F059-2213-4D01-A704-95A5620AE1DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5774F2C-A9D4-4E92-8832-A7CC2F25B682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB2845B1-800A-4A87-A11E-94919CBA5655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4779C728-4B69-4B75-92A2-45E5D41FCC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "99BA0BEE-7C5F-47BD-AE02-68F69E52EA5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7313AE31-C2AA-4A06-98BB-0AD3FAB7AAAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C44A273A-4613-44DC-905B-8EEDC035799C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA1C380-B119-4FA8-B75B-272DF7791D8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "58D8B6CB-9968-4697-B87D-03DB7D150BEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6659AB2-3361-4E91-A55D-BE09DE94B579",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B4B557A-9F40-415C-9919-955B3E0D5253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E48129D-B453-4048-BB18-AF52C97373F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "10DA1C5D-EF59-4633-B279-5B317306DA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFA9532-4359-42ED-92D9-1C33CB138D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A081055-55BB-4FED-87BA-117A23CB33C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n check_secret en authenticate.c en rsync 3.1.0 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito y consumo de CPU) a trav\u00e9s de un nombre de usuario que no existe en el archivo de secretos."
    }
  ],
  "id": "CVE-2014-2855",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-23T15:55:04.593",
  "references": [
    {
      "source": "security@ubuntu.com",
      "url": "http://advisories.mageia.org/MGASA-2015-0065.html"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/57948"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:131"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/14/5"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/15/1"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.ubuntu.com/usn/USN-2171-1"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.samba.org/show_bug.cgi?id=10551"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbce2c1b851684ba658861fe9d620636c56a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2015-0065.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/57948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/14/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/15/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2171-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.samba.org/show_bug.cgi?id=10551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbce2c1b851684ba658861fe9d620636c56a"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.