CVSS: 7.8EPSS: 4%CPEs: 42EXPL: 0CVE-2014-2855
https://notcve.org/view.php?id=CVE-2014-2855
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file. La función check_secret en authenticate.c en rsync 3.1.0 y anteriores permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de un nombre de usuario que no existe en el archivo de secretos. • http://advisories.mageia.org/MGASA-2015-0065.html http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00006.html http://secunia.com/advisories/57948 http://www.mandriva.com/security/advisories?name=MDVSA-2015:131 http://www.openwall.com/lists/oss-security/2014/04/14/5 http://www.openwall.com/lists/oss-security/2014/04/15/1 http://www.ubuntu.com/usn/USN-2171-1 https://bugs.launchpad.net/ • CWE-20: Improper Input Validation •
CVSS: 5.1EPSS: 2%CPEs: 8EXPL: 0CVE-2011-1097 – rsync: Incremental file-list corruption due to temporary file_extra_cnt increments
https://notcve.org/view.php?id=CVE-2011-1097
rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data. rsync 3.x anterior a3.0.8, cuando se utilizan ciertas opciones de recursión, borrado, y propietario, permite a los servidores rsync remotos provocar una denegación de servicio (corrupción de memoria dinámica y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de datos con formato incorrecto. • http://gitweb.samba.org/?p=rsync.git%3Ba=commit%3Bh=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057641.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057736.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057737.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://lists.samba.org/archive/rsync/2011-January/025988.html http://marc.info/?l=bugtraq&m=13322618711547 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 8%CPEs: 33EXPL: 0CVE-2008-1720
https://notcve.org/view.php?id=CVE-2008-1720
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors. Desbordamiento de búfer en resync2.6.9 a 3.0.1, al activar el soporte de atributos extendidos (xattr), puede permitir a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://marc.info/?l=bugtraq&m=125017764422557&w=2 http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff http://samba.anu.edu.au/rsync/security.html#s3_0_2 http://secunia.com/advisories/29668 http://secunia.com/advisories/29770 http://secunia.com/advisories/29777 http://secunia.com/advisories/29781 http://secunia.com/advisories/29788 http://secunia.com/advisories/29856 http:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •