Lucene search

[email protected]NVD:CVE-2014-2855

HistoryApr 23, 2014 - 3:55 p.m.

CVE-2014-2855

2014-04-2315:55:04

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.2

Confidence

High

EPSS

0.047

Percentile

92.7%

JSON

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.

Affected configurations

Nvd

Node

sambarsyncRange≤3.1.0

sambarsyncMatch2.6.9

sambarsyncMatch2.7.0

sambarsyncMatch2.7.1

sambarsyncMatch2.7.2

sambarsyncMatch2.7.3

sambarsyncMatch2.7.4

sambarsyncMatch2.7.5

sambarsyncMatch2.7.6

sambarsyncMatch2.7.7

sambarsyncMatch2.7.8

sambarsyncMatch2.7.9

sambarsyncMatch2.8.0

sambarsyncMatch2.8.1

sambarsyncMatch2.8.2

sambarsyncMatch2.8.3

sambarsyncMatch2.8.4

sambarsyncMatch2.8.5

sambarsyncMatch2.8.6

sambarsyncMatch2.8.7

sambarsyncMatch2.8.8

sambarsyncMatch2.8.9

sambarsyncMatch2.9.0

sambarsyncMatch2.9.1

sambarsyncMatch2.9.2

sambarsyncMatch2.9.3

sambarsyncMatch2.9.4

sambarsyncMatch2.9.5

sambarsyncMatch2.9.6

sambarsyncMatch2.9.7

sambarsyncMatch2.9.8

sambarsyncMatch2.9.9

sambarsyncMatch3.0.0

sambarsyncMatch3.0.1

sambarsyncMatch3.0.2

sambarsyncMatch3.0.3

sambarsyncMatch3.0.4

sambarsyncMatch3.0.5

sambarsyncMatch3.0.6

sambarsyncMatch3.0.7

sambarsyncMatch3.0.8

sambarsyncMatch3.0.9

VendorProductVersionCPE
sambarsync*cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*
sambarsync2.6.9cpe:2.3:a:samba:rsync:2.6.9:*:*:*:*:*:*:*
sambarsync2.7.0cpe:2.3:a:samba:rsync:2.7.0:*:*:*:*:*:*:*
sambarsync2.7.1cpe:2.3:a:samba:rsync:2.7.1:*:*:*:*:*:*:*
sambarsync2.7.2cpe:2.3:a:samba:rsync:2.7.2:*:*:*:*:*:*:*
sambarsync2.7.3cpe:2.3:a:samba:rsync:2.7.3:*:*:*:*:*:*:*
sambarsync2.7.4cpe:2.3:a:samba:rsync:2.7.4:*:*:*:*:*:*:*
sambarsync2.7.5cpe:2.3:a:samba:rsync:2.7.5:*:*:*:*:*:*:*
sambarsync2.7.6cpe:2.3:a:samba:rsync:2.7.6:*:*:*:*:*:*:*
sambarsync2.7.7cpe:2.3:a:samba:rsync:2.7.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samba	rsync	*	cpe:2.3:a:samba:rsync::::::::
samba	rsync	2.6.9	cpe:2.3:a:samba:rsync:2.6.9:::::::*
samba	rsync	2.7.0	cpe:2.3:a:samba:rsync:2.7.0:::::::*
samba	rsync	2.7.1	cpe:2.3:a:samba:rsync:2.7.1:::::::*
samba	rsync	2.7.2	cpe:2.3:a:samba:rsync:2.7.2:::::::*
samba	rsync	2.7.3	cpe:2.3:a:samba:rsync:2.7.3:::::::*
samba	rsync	2.7.4	cpe:2.3:a:samba:rsync:2.7.4:::::::*
samba	rsync	2.7.5	cpe:2.3:a:samba:rsync:2.7.5:::::::*
samba	rsync	2.7.6	cpe:2.3:a:samba:rsync:2.7.6:::::::*
samba	rsync	2.7.7	cpe:2.3:a:samba:rsync:2.7.7:::::::*