oss-sec mailing list archives

CVE Request: rsync denial of service

From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Mon, 14 Apr 2014 07:40:08 -0400

Hello,

Ryan Finnie discovered that rsync 3.1.0 contains a denial of service issue when
attempting to authenticate using a nonexistent username. A remote attacker could
use this flaw to cause a denial of service via CPU consumption.

Bug reports:
https://bugzilla.samba.org/show_bug.cgi?id=10551
https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230

Fix:
https://git.samba.org/?p=rsync.git;a=commitdiff;h=0dedfbce2c1b851684ba658861fe9d620636c56a


Could a CVE please be assigned to this issue?

Thanks,

Marc.

-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/

Current thread:

CVE Request: rsync denial of service Marc Deslauriers (Apr 14)
- Re: CVE Request: rsync denial of service cve-assign (Apr 15)