Unrated severityNVD Advisory· Published Apr 23, 2014· Updated May 6, 2026
CVE-2014-2855
CVE-2014-2855
Description
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.
Affected products
42cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*+ 41 more
- cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*range: <=3.1.0
- cpe:2.3:a:samba:rsync:2.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:2.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:rsync:3.0.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- secunia.com/advisories/57948nvdVendor Advisory
- bugzilla.samba.org/show_bug.cginvdVendor Advisory
- advisories.mageia.org/MGASA-2015-0065.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-05/msg00006.htmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.openwall.com/lists/oss-security/2014/04/14/5nvd
- www.openwall.com/lists/oss-security/2014/04/15/1nvd
- www.ubuntu.com/usn/USN-2171-1nvd
- bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230nvd
News mentions
0No linked articles in our index yet.