Vulnerability-Lookup

CVE-2014-2855 (GCVE-0-2014-2855)

Vulnerability from cvelistv5 – Published: 2014-04-23 14:00 – Updated: 2024-08-06 10:28

Summary

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.

Severity ?

No CVSS data available.

CWE

Assigner

canonical

References

URL

Tags

	https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh…	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2171-1	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-updates/2014-0…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2014/04/14/5	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/57948	third-party-advisoryx_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	https://bugs.launchpad.net/ubuntu/+source/rsync/+…	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	https://bugzilla.samba.org/show_bug.cgi?id=10551	x_refsource_CONFIRM
	http://advisories.mageia.org/MGASA-2015-0065.html	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2014/04/15/1	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.299Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbce2c1b851684ba658861fe9d620636c56a"
          },
          {
            "name": "USN-2171-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2171-1"
          },
          {
            "name": "openSUSE-SU-2014:0595",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html"
          },
          {
            "name": "[oss-security] 20140414 CVE Request: rsync denial of service",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/04/14/5"
          },
          {
            "name": "57948",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57948"
          },
          {
            "name": "FEDORA-2014-5315",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230"
          },
          {
            "name": "MDVSA-2015:131",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:131"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.samba.org/show_bug.cgi?id=10551"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2015-0065.html"
          },
          {
            "name": "[oss-security] 20140415 Re: CVE Request: rsync denial of service",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/04/15/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-15T17:57:01",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbce2c1b851684ba658861fe9d620636c56a"
        },
        {
          "name": "USN-2171-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2171-1"
        },
        {
          "name": "openSUSE-SU-2014:0595",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html"
        },
        {
          "name": "[oss-security] 20140414 CVE Request: rsync denial of service",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/04/14/5"
        },
        {
          "name": "57948",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57948"
        },
        {
          "name": "FEDORA-2014-5315",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230"
        },
        {
          "name": "MDVSA-2015:131",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:131"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.samba.org/show_bug.cgi?id=10551"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2015-0065.html"
        },
        {
          "name": "[oss-security] 20140415 Re: CVE Request: rsync denial of service",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/04/15/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "ID": "CVE-2014-2855",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.samba.org/?p=rsync.git;a=commit;h=0dedfbce2c1b851684ba658861fe9d620636c56a",
              "refsource": "CONFIRM",
              "url": "https://git.samba.org/?p=rsync.git;a=commit;h=0dedfbce2c1b851684ba658861fe9d620636c56a"
            },
            {
              "name": "USN-2171-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2171-1"
            },
            {
              "name": "openSUSE-SU-2014:0595",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html"
            },
            {
              "name": "[oss-security] 20140414 CVE Request: rsync denial of service",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/04/14/5"
            },
            {
              "name": "57948",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57948"
            },
            {
              "name": "FEDORA-2014-5315",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html"
            },
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230"
            },
            {
              "name": "MDVSA-2015:131",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:131"
            },
            {
              "name": "https://bugzilla.samba.org/show_bug.cgi?id=10551",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.samba.org/show_bug.cgi?id=10551"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2015-0065.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2015-0065.html"
            },
            {
              "name": "[oss-security] 20140415 Re: CVE Request: rsync denial of service",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/04/15/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2014-2855",
    "datePublished": "2014-04-23T14:00:00",
    "dateReserved": "2014-04-15T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.299Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.1.0\", \"matchCriteriaId\": \"CE263B95-48A6-469F-9546-3797B63DDF0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.6.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEA9CA2C-640D-407E-B1A1-B796CD4F4022\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6525C2F-2572-4310-9D30-B198CB384984\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DBCAA31-D770-451A-A0FE-7A6E8A99416D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBB31395-F275-473B-B86B-B2E758BA2D47\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"374E5F91-0E56-4191-B739-4D519DDE9792\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"662396BC-14FB-45C6-9C5B-C557A5DE2E96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A34821C0-3586-4160-B3AD-C49C27EEE05C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C7901A8-84D3-4852-A439-C12EB471C21C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19AA7B76-8AEB-4B5C-B7F4-82899D200951\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.7.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88559A7B-9063-4952-928A-2FE6242D3FB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.7.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB40E21F-55FA-4E2F-8A53-3CDF12754882\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23834146-79D3-40F1-857A-339D5BD15DC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7C41B8A-8330-4C5F-A0BA-854E96C3F686\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EAD7F16-C6FD-4499-8CC9-310379DE8CE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B965433-0880-43F3-996F-7F2FAA951B2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9191C5BE-F4CF-4285-AFCE-FB0F58F7868E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.8.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBEDC1BF-B858-420D-8471-BE6F9BD766CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.8.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D214AC3E-7D71-4019-BF13-3B037F345D10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.8.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8056C095-00C3-48A9-8F00-8EC3CA71AE48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72EA2B26-61BC-4513-9B11-7C21477F93BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.8.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEECBA41-4E06-4D26-AD66-1698C39CB4C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10E73D14-2BBB-4E6E-970D-58C9D678CB07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58239BB8-F979-4902-807F-7037FA10D13D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D494532E-87C1-435A-B41C-C446EA100FFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AF3AD10-C818-4510-AAB3-E760D48FDC2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EB3A011-194C-4F0C-8DA2-48C592C9369A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.9.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B29F059-2213-4D01-A704-95A5620AE1DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.9.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5774F2C-A9D4-4E92-8832-A7CC2F25B682\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.9.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB2845B1-800A-4A87-A11E-94919CBA5655\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.9.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4779C728-4B69-4B75-92A2-45E5D41FCC17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:2.9.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99BA0BEE-7C5F-47BD-AE02-68F69E52EA5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7313AE31-C2AA-4A06-98BB-0AD3FAB7AAAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C44A273A-4613-44DC-905B-8EEDC035799C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDA1C380-B119-4FA8-B75B-272DF7791D8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:3.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58D8B6CB-9968-4697-B87D-03DB7D150BEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:3.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6659AB2-3361-4E91-A55D-BE09DE94B579\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:3.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B4B557A-9F40-415C-9919-955B3E0D5253\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:3.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E48129D-B453-4048-BB18-AF52C97373F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:3.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10DA1C5D-EF59-4633-B279-5B317306DA52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:3.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DFA9532-4359-42ED-92D9-1C33CB138D6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:rsync:3.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A081055-55BB-4FED-87BA-117A23CB33C8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n check_secret en authenticate.c en rsync 3.1.0 y anteriores permite a atacantes remotos causar una denegaci\\u00f3n de servicio (bucle infinito y consumo de CPU) a trav\\u00e9s de un nombre de usuario que no existe en el archivo de secretos.\"}]",
      "id": "CVE-2014-2855",
      "lastModified": "2024-11-21T02:07:04.060",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-04-23T15:55:04.593",
      "references": "[{\"url\": \"http://advisories.mageia.org/MGASA-2015-0065.html\", \"source\": \"security@ubuntu.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html\", \"source\": \"security@ubuntu.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html\", \"source\": \"security@ubuntu.com\"}, {\"url\": \"http://secunia.com/advisories/57948\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:131\", \"source\": \"security@ubuntu.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2014/04/14/5\", \"source\": \"security@ubuntu.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2014/04/15/1\", \"source\": \"security@ubuntu.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2171-1\", \"source\": \"security@ubuntu.com\"}, {\"url\": \"https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230\", \"source\": \"security@ubuntu.com\"}, {\"url\": \"https://bugzilla.samba.org/show_bug.cgi?id=10551\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbce2c1b851684ba658861fe9d620636c56a\", \"source\": \"security@ubuntu.com\"}, {\"url\": \"http://advisories.mageia.org/MGASA-2015-0065.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/57948\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:131\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2014/04/14/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2014/04/15/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2171-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.samba.org/show_bug.cgi?id=10551\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbce2c1b851684ba658861fe9d620636c56a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@ubuntu.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-2855\",\"sourceIdentifier\":\"security@ubuntu.com\",\"published\":\"2014-04-23T15:55:04.593\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n check_secret en authenticate.c en rsync 3.1.0 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito y consumo de CPU) a trav\u00e9s de un nombre de usuario que no existe en el archivo de secretos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.1.0\",\"matchCriteriaId\":\"CE263B95-48A6-469F-9546-3797B63DDF0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEA9CA2C-640D-407E-B1A1-B796CD4F4022\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6525C2F-2572-4310-9D30-B198CB384984\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DBCAA31-D770-451A-A0FE-7A6E8A99416D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBB31395-F275-473B-B86B-B2E758BA2D47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"374E5F91-0E56-4191-B739-4D519DDE9792\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"662396BC-14FB-45C6-9C5B-C557A5DE2E96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A34821C0-3586-4160-B3AD-C49C27EEE05C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C7901A8-84D3-4852-A439-C12EB471C21C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19AA7B76-8AEB-4B5C-B7F4-82899D200951\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.7.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88559A7B-9063-4952-928A-2FE6242D3FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.7.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB40E21F-55FA-4E2F-8A53-3CDF12754882\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23834146-79D3-40F1-857A-339D5BD15DC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7C41B8A-8330-4C5F-A0BA-854E96C3F686\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EAD7F16-C6FD-4499-8CC9-310379DE8CE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B965433-0880-43F3-996F-7F2FAA951B2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9191C5BE-F4CF-4285-AFCE-FB0F58F7868E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBEDC1BF-B858-420D-8471-BE6F9BD766CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D214AC3E-7D71-4019-BF13-3B037F345D10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8056C095-00C3-48A9-8F00-8EC3CA71AE48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72EA2B26-61BC-4513-9B11-7C21477F93BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.8.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEECBA41-4E06-4D26-AD66-1698C39CB4C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10E73D14-2BBB-4E6E-970D-58C9D678CB07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58239BB8-F979-4902-807F-7037FA10D13D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D494532E-87C1-435A-B41C-C446EA100FFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AF3AD10-C818-4510-AAB3-E760D48FDC2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EB3A011-194C-4F0C-8DA2-48C592C9369A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B29F059-2213-4D01-A704-95A5620AE1DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5774F2C-A9D4-4E92-8832-A7CC2F25B682\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB2845B1-800A-4A87-A11E-94919CBA5655\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4779C728-4B69-4B75-92A2-45E5D41FCC17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:2.9.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99BA0BEE-7C5F-47BD-AE02-68F69E52EA5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7313AE31-C2AA-4A06-98BB-0AD3FAB7AAAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C44A273A-4613-44DC-905B-8EEDC035799C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDA1C380-B119-4FA8-B75B-272DF7791D8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58D8B6CB-9968-4697-B87D-03DB7D150BEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6659AB2-3361-4E91-A55D-BE09DE94B579\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:3.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B4B557A-9F40-415C-9919-955B3E0D5253\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:3.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E48129D-B453-4048-BB18-AF52C97373F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:3.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10DA1C5D-EF59-4633-B279-5B317306DA52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:3.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DFA9532-4359-42ED-92D9-1C33CB138D6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:3.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A081055-55BB-4FED-87BA-117A23CB33C8\"}]}]}],\"references\":[{\"url\":\"http://advisories.mageia.org/MGASA-2015-0065.html\",\"source\":\"security@ubuntu.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html\",\"source\":\"security@ubuntu.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html\",\"source\":\"security@ubuntu.com\"},{\"url\":\"http://secunia.com/advisories/57948\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:131\",\"source\":\"security@ubuntu.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2014/04/14/5\",\"source\":\"security@ubuntu.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2014/04/15/1\",\"source\":\"security@ubuntu.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2171-1\",\"source\":\"security@ubuntu.com\"},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230\",\"source\":\"security@ubuntu.com\"},{\"url\":\"https://bugzilla.samba.org/show_bug.cgi?id=10551\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbce2c1b851684ba658861fe9d620636c56a\",\"source\":\"security@ubuntu.com\"},{\"url\":\"http://advisories.mageia.org/MGASA-2015-0065.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/57948\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:131\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2014/04/14/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2014/04/15/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2171-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.samba.org/show_bug.cgi?id=10551\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbce2c1b851684ba658861fe9d620636c56a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2014-2855

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-2855

Aliases

CVE-2014-2855

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-2855",
    "description": "The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.",
    "id": "GSD-2014-2855",
    "references": [
      "https://www.suse.com/security/cve/CVE-2014-2855.html",
      "https://ubuntu.com/security/CVE-2014-2855",
      "https://advisories.mageia.org/CVE-2014-2855.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-2855"
      ],
      "details": "The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.",
      "id": "GSD-2014-2855",
      "modified": "2023-12-13T01:22:46.241756Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@ubuntu.com",
        "ID": "CVE-2014-2855",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://git.samba.org/?p=rsync.git;a=commit;h=0dedfbce2c1b851684ba658861fe9d620636c56a",
            "refsource": "CONFIRM",
            "url": "https://git.samba.org/?p=rsync.git;a=commit;h=0dedfbce2c1b851684ba658861fe9d620636c56a"
          },
          {
            "name": "USN-2171-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2171-1"
          },
          {
            "name": "openSUSE-SU-2014:0595",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html"
          },
          {
            "name": "[oss-security] 20140414 CVE Request: rsync denial of service",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2014/04/14/5"
          },
          {
            "name": "57948",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/57948"
          },
          {
            "name": "FEDORA-2014-5315",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html"
          },
          {
            "name": "https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230",
            "refsource": "CONFIRM",
            "url": "https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230"
          },
          {
            "name": "MDVSA-2015:131",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:131"
          },
          {
            "name": "https://bugzilla.samba.org/show_bug.cgi?id=10551",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.samba.org/show_bug.cgi?id=10551"
          },
          {
            "name": "http://advisories.mageia.org/MGASA-2015-0065.html",
            "refsource": "CONFIRM",
            "url": "http://advisories.mageia.org/MGASA-2015-0065.html"
          },
          {
            "name": "[oss-security] 20140415 Re: CVE Request: rsync denial of service",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2014/04/15/1"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:3.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:3.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.8.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.7.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.7.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:3.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:3.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.8.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.9.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:3.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:3.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:3.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:2.6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "ID": "CVE-2014-2855"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2014-5315",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html"
            },
            {
              "name": "[oss-security] 20140415 Re: CVE Request: rsync denial of service",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2014/04/15/1"
            },
            {
              "name": "57948",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/57948"
            },
            {
              "name": "[oss-security] 20140414 CVE Request: rsync denial of service",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2014/04/14/5"
            },
            {
              "name": "https://bugzilla.samba.org/show_bug.cgi?id=10551",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.samba.org/show_bug.cgi?id=10551"
            },
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230"
            },
            {
              "name": "https://git.samba.org/?p=rsync.git;a=commit;h=0dedfbce2c1b851684ba658861fe9d620636c56a",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://git.samba.org/?p=rsync.git;a=commit;h=0dedfbce2c1b851684ba658861fe9d620636c56a"
            },
            {
              "name": "openSUSE-SU-2014:0595",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html"
            },
            {
              "name": "MDVSA-2015:131",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:131"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2015-0065.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://advisories.mageia.org/MGASA-2015-0065.html"
            },
            {
              "name": "USN-2171-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2171-1"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-12-16T02:29Z",
      "publishedDate": "2014-04-23T15:55Z"
    }
  }
}

OPENSUSE-SU-2024:10548-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

rsync-3.1.2-1.5 on GA media

Notes

Title of the patch

rsync-3.1.2-1.5 on GA media

Description of the patch

These are all security issues fixed in the rsync-3.1.2-1.5 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10548

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "rsync-3.1.2-1.5 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the rsync-3.1.2-1.5 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10548",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10548-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2011-1097 page",
        "url": "https://www.suse.com/security/cve/CVE-2011-1097/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-2855 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-2855/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-8242 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-8242/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-9512 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-9512/"
      }
    ],
    "title": "rsync-3.1.2-1.5 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10548-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-3.1.2-1.5.aarch64",
                "product": {
                  "name": "rsync-3.1.2-1.5.aarch64",
                  "product_id": "rsync-3.1.2-1.5.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-3.1.2-1.5.ppc64le",
                "product": {
                  "name": "rsync-3.1.2-1.5.ppc64le",
                  "product_id": "rsync-3.1.2-1.5.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-3.1.2-1.5.s390x",
                "product": {
                  "name": "rsync-3.1.2-1.5.s390x",
                  "product_id": "rsync-3.1.2-1.5.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rsync-3.1.2-1.5.x86_64",
                "product": {
                  "name": "rsync-3.1.2-1.5.x86_64",
                  "product_id": "rsync-3.1.2-1.5.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-3.1.2-1.5.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:rsync-3.1.2-1.5.aarch64"
        },
        "product_reference": "rsync-3.1.2-1.5.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-3.1.2-1.5.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:rsync-3.1.2-1.5.ppc64le"
        },
        "product_reference": "rsync-3.1.2-1.5.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-3.1.2-1.5.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:rsync-3.1.2-1.5.s390x"
        },
        "product_reference": "rsync-3.1.2-1.5.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rsync-3.1.2-1.5.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:rsync-3.1.2-1.5.x86_64"
        },
        "product_reference": "rsync-3.1.2-1.5.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2011-1097",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2011-1097"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:rsync-3.1.2-1.5.aarch64",
          "openSUSE Tumbleweed:rsync-3.1.2-1.5.ppc64le",
          "openSUSE Tumbleweed:rsync-3.1.2-1.5.s390x",
          "openSUSE Tumbleweed:rsync-3.1.2-1.5.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2011-1097",
          "url": "https://www.suse.com/security/cve/CVE-2011-1097"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 684387 for CVE-2011-1097",
          "url": "https://bugzilla.suse.com/684387"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:rsync-3.1.2-1.5.aarch64",
            "openSUSE Tumbleweed:rsync-3.1.2-1.5.ppc64le",
            "openSUSE Tumbleweed:rsync-3.1.2-1.5.s390x",
            "openSUSE Tumbleweed:rsync-3.1.2-1.5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2011-1097"
    },
    {
      "cve": "CVE-2014-2855",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-2855"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:rsync-3.1.2-1.5.aarch64",
          "openSUSE Tumbleweed:rsync-3.1.2-1.5.ppc64le",
          "openSUSE Tumbleweed:rsync-3.1.2-1.5.s390x",
          "openSUSE Tumbleweed:rsync-3.1.2-1.5.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-2855",
          "url": "https://www.suse.com/security/cve/CVE-2014-2855"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 873740 for CVE-2014-2855",
          "url": "https://bugzilla.suse.com/873740"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:rsync-3.1.2-1.5.aarch64",
            "openSUSE Tumbleweed:rsync-3.1.2-1.5.ppc64le",
            "openSUSE Tumbleweed:rsync-3.1.2-1.5.s390x",
            "openSUSE Tumbleweed:rsync-3.1.2-1.5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2014-2855"
    },
    {
      "cve": "CVE-2014-8242",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-8242"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:rsync-3.1.2-1.5.aarch64",
          "openSUSE Tumbleweed:rsync-3.1.2-1.5.ppc64le",
          "openSUSE Tumbleweed:rsync-3.1.2-1.5.s390x",
          "openSUSE Tumbleweed:rsync-3.1.2-1.5.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-8242",
          "url": "https://www.suse.com/security/cve/CVE-2014-8242"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 900914 for CVE-2014-8242",
          "url": "https://bugzilla.suse.com/900914"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 922710 for CVE-2014-8242",
          "url": "https://bugzilla.suse.com/922710"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:rsync-3.1.2-1.5.aarch64",
            "openSUSE Tumbleweed:rsync-3.1.2-1.5.ppc64le",
            "openSUSE Tumbleweed:rsync-3.1.2-1.5.s390x",
            "openSUSE Tumbleweed:rsync-3.1.2-1.5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2014-8242"
    },
    {
      "cve": "CVE-2014-9512",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-9512"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:rsync-3.1.2-1.5.aarch64",
          "openSUSE Tumbleweed:rsync-3.1.2-1.5.ppc64le",
          "openSUSE Tumbleweed:rsync-3.1.2-1.5.s390x",
          "openSUSE Tumbleweed:rsync-3.1.2-1.5.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-9512",
          "url": "https://www.suse.com/security/cve/CVE-2014-9512"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 915410 for CVE-2014-9512",
          "url": "https://bugzilla.suse.com/915410"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960191 for CVE-2014-9512",
          "url": "https://bugzilla.suse.com/960191"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:rsync-3.1.2-1.5.aarch64",
            "openSUSE Tumbleweed:rsync-3.1.2-1.5.ppc64le",
            "openSUSE Tumbleweed:rsync-3.1.2-1.5.s390x",
            "openSUSE Tumbleweed:rsync-3.1.2-1.5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-9512"
    }
  ]
}

FKIE_CVE-2014-2855

Vulnerability from fkie_nvd - Published: 2014-04-23 15:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
security@ubuntu.com	http://advisories.mageia.org/MGASA-2015-0065.html
security@ubuntu.com	http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html
security@ubuntu.com	http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html
security@ubuntu.com	http://secunia.com/advisories/57948	Vendor Advisory
security@ubuntu.com	http://www.mandriva.com/security/advisories?name=MDVSA-2015:131
security@ubuntu.com	http://www.openwall.com/lists/oss-security/2014/04/14/5
security@ubuntu.com	http://www.openwall.com/lists/oss-security/2014/04/15/1
security@ubuntu.com	http://www.ubuntu.com/usn/USN-2171-1
security@ubuntu.com	https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230
security@ubuntu.com	https://bugzilla.samba.org/show_bug.cgi?id=10551	Vendor Advisory
security@ubuntu.com	https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbce2c1b851684ba658861fe9d620636c56a
af854a3a-2127-422b-91ae-364da2661108	http://advisories.mageia.org/MGASA-2015-0065.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/57948	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:131
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/04/14/5
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/04/15/1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2171-1
af854a3a-2127-422b-91ae-364da2661108	https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.samba.org/show_bug.cgi?id=10551	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbce2c1b851684ba658861fe9d620636c56a

Impacted products

Vendor	Product	Version
samba	rsync	*
samba	rsync	2.6.9
samba	rsync	2.7.0
samba	rsync	2.7.1
samba	rsync	2.7.2
samba	rsync	2.7.3
samba	rsync	2.7.4
samba	rsync	2.7.5
samba	rsync	2.7.6
samba	rsync	2.7.7
samba	rsync	2.7.8
samba	rsync	2.7.9
samba	rsync	2.8.0
samba	rsync	2.8.1
samba	rsync	2.8.2
samba	rsync	2.8.3
samba	rsync	2.8.4
samba	rsync	2.8.5
samba	rsync	2.8.6
samba	rsync	2.8.7
samba	rsync	2.8.8
samba	rsync	2.8.9
samba	rsync	2.9.0
samba	rsync	2.9.1
samba	rsync	2.9.2
samba	rsync	2.9.3
samba	rsync	2.9.4
samba	rsync	2.9.5
samba	rsync	2.9.6
samba	rsync	2.9.7
samba	rsync	2.9.8
samba	rsync	2.9.9
samba	rsync	3.0.0
samba	rsync	3.0.1
samba	rsync	3.0.2
samba	rsync	3.0.3
samba	rsync	3.0.4
samba	rsync	3.0.5
samba	rsync	3.0.6
samba	rsync	3.0.7
samba	rsync	3.0.8
samba	rsync	3.0.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE263B95-48A6-469F-9546-3797B63DDF0F",
              "versionEndIncluding": "3.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA9CA2C-640D-407E-B1A1-B796CD4F4022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6525C2F-2572-4310-9D30-B198CB384984",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DBCAA31-D770-451A-A0FE-7A6E8A99416D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB31395-F275-473B-B86B-B2E758BA2D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "374E5F91-0E56-4191-B739-4D519DDE9792",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "662396BC-14FB-45C6-9C5B-C557A5DE2E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34821C0-3586-4160-B3AD-C49C27EEE05C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C7901A8-84D3-4852-A439-C12EB471C21C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "19AA7B76-8AEB-4B5C-B7F4-82899D200951",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "88559A7B-9063-4952-928A-2FE6242D3FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB40E21F-55FA-4E2F-8A53-3CDF12754882",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "23834146-79D3-40F1-857A-339D5BD15DC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C41B8A-8330-4C5F-A0BA-854E96C3F686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EAD7F16-C6FD-4499-8CC9-310379DE8CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B965433-0880-43F3-996F-7F2FAA951B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9191C5BE-F4CF-4285-AFCE-FB0F58F7868E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBEDC1BF-B858-420D-8471-BE6F9BD766CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D214AC3E-7D71-4019-BF13-3B037F345D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8056C095-00C3-48A9-8F00-8EC3CA71AE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "72EA2B26-61BC-4513-9B11-7C21477F93BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEECBA41-4E06-4D26-AD66-1698C39CB4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E73D14-2BBB-4E6E-970D-58C9D678CB07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58239BB8-F979-4902-807F-7037FA10D13D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D494532E-87C1-435A-B41C-C446EA100FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF3AD10-C818-4510-AAB3-E760D48FDC2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB3A011-194C-4F0C-8DA2-48C592C9369A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B29F059-2213-4D01-A704-95A5620AE1DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5774F2C-A9D4-4E92-8832-A7CC2F25B682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB2845B1-800A-4A87-A11E-94919CBA5655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4779C728-4B69-4B75-92A2-45E5D41FCC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:2.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "99BA0BEE-7C5F-47BD-AE02-68F69E52EA5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7313AE31-C2AA-4A06-98BB-0AD3FAB7AAAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C44A273A-4613-44DC-905B-8EEDC035799C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA1C380-B119-4FA8-B75B-272DF7791D8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "58D8B6CB-9968-4697-B87D-03DB7D150BEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6659AB2-3361-4E91-A55D-BE09DE94B579",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B4B557A-9F40-415C-9919-955B3E0D5253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E48129D-B453-4048-BB18-AF52C97373F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "10DA1C5D-EF59-4633-B279-5B317306DA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFA9532-4359-42ED-92D9-1C33CB138D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:rsync:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A081055-55BB-4FED-87BA-117A23CB33C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n check_secret en authenticate.c en rsync 3.1.0 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito y consumo de CPU) a trav\u00e9s de un nombre de usuario que no existe en el archivo de secretos."
    }
  ],
  "id": "CVE-2014-2855",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-23T15:55:04.593",
  "references": [
    {
      "source": "security@ubuntu.com",
      "url": "http://advisories.mageia.org/MGASA-2015-0065.html"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/57948"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:131"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/14/5"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/15/1"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.ubuntu.com/usn/USN-2171-1"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.samba.org/show_bug.cgi?id=10551"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbce2c1b851684ba658861fe9d620636c56a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2015-0065.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/57948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/14/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/15/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2171-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.samba.org/show_bug.cgi?id=10551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbce2c1b851684ba658861fe9d620636c56a"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-56MX-JC29-3MP9

Vulnerability from github – Published: 2022-05-17 00:13 – Updated: 2025-04-12 12:32

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-2855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-04-23T15:55:00Z",
    "severity": "HIGH"
  },
  "details": "The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.",
  "id": "GHSA-56mx-jc29-3mp9",
  "modified": "2025-04-12T12:32:59Z",
  "published": "2022-05-17T00:13:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2855"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.samba.org/show_bug.cgi?id=10551"
    },
    {
      "type": "WEB",
      "url": "https://git.samba.org/?p=rsync.git%3Ba=commit%3Bh=0dedfbce2c1b851684ba658861fe9d620636c56a"
    },
    {
      "type": "WEB",
      "url": "https://git.samba.org/?p=rsync.git;a=commit;h=0dedfbce2c1b851684ba658861fe9d620636c56a"
    },
    {
      "type": "WEB",
      "url": "http://advisories.mageia.org/MGASA-2015-0065.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/57948"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:131"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/14/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/15/1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2171-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-2855 (GCVE-0-2014-2855)

GSD-2014-2855

OPENSUSE-SU-2024:10548-1

FKIE_CVE-2014-2855

GHSA-56MX-JC29-3MP9

Tags

Sightings

Nomenclature