Affected system:
> rsync rsync 3.1.0
Description:
CVE(CAN) ID: CVE-2 0 1 4-2 8 5 5
rsync is a fast incremental file transfer tool that is used in the same host the backup inside the backup.
rsync 3.1.0, and other versions in the"check_secret()"function(authenticate. c)memory in a logic error, which may allow an attacker by not secrets within the file name of the user to trigger an infinite loop.
<*source: Ryan Finnie
Link:<http://secunia.com/advisories/57948>
*>
Recommendations:
Manufacturers patch:
The current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers home page download:
<https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1 3 0 7 2 3 0>
<https://git.samba.org/?p=rsync.git;a=commit;h=0dedfbce2c1b851684ba658861fe9d620636c56a>
<https://bugzilla.samba.org/show_bug.cgi?id=10551>