CVE-2014-2855: Improper Input Validation in Samba Rsync

Severity: 7.8 HIGH (NVD)
EPSS: 17.2% (top 4.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 23
Latest update: May 17

Description

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:C
Exploitability: 10.0 | Impact: 6.9

Affected Packages (2 packages)

Debian: samba/rsync < 3.1.0-3 (+3)
NVD: samba/rsync 3.1.0 (+41)

🔴 Vulnerability Details (3)

GHSA: GHSA-56mx-jc29-3mp9: The check_secret function in authenticate (2022-05-17)
CVEList: CVE-2014-2855: The check_secret function in authenticate (2014-04-23)
OSV: CVE-2014-2855: The check_secret function in authenticate (2014-04-23)

📋 Vendor Advisories (3)

Ubuntu: rsync vulnerability (2014-04-23)
Red Hat: rsync: CPU consumption denial of service when authenticating with a non-existent username (2014-04-13)
Debian: CVE-2014-2855: rsync - The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows re... (2014)

💬 Community (1)

Bugzilla: CVE-2014-2855 rsync: CPU consumption denial of service when authenticating with a non-existent username (2014-04-15)