Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-2855

Опубликовано: 23 апр. 2014
Источник: nvd
CVSS2: 7.8
EPSS Средний

Описание

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*
Версия до 3.1.0 (включая)
cpe:2.3:a:samba:rsync:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.7.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.7.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.7.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.8.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.8.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.8.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.8.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.8.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.9.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.9.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.9.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.9.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.9.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.9.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.9.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.9.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.9.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:2.9.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:3.0.9:*:*:*:*:*:*:*

EPSS

Процентиль: 95%
0.17189
Средний

7.8 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2014-2855

ubuntu
почти 12 лет назад

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.

redhat логотип

CVE-2014-2855

redhat
почти 12 лет назад

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.

debian логотип

CVE-2014-2855

debian
почти 12 лет назад

The check_secret function in authenticate.c in rsync 3.1.0 and earlier ...

github логотип

GHSA-56mx-jc29-3mp9

github
больше 3 лет назад

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.

EPSS

Процентиль: 95%
0.17189
Средний

7.8 High

CVSS2

Дефекты

CWE-20