3.1.0 daemon infinite loop when no matched user in secrets
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
rsync | Fix Released | High | |
rsync (Ubuntu) | Fix Released | High | Unassigned |
Trusty | Fix Released | High | Unassigned |
Bug Description
[Impact]
* In rsync 3.1.0, with a module configured for user authentication, a remote client can send an invalid username and cause an infinite CPU loop on the server child process.
* The server master process is unaffected, allowing the remote client to do this multiple times toward system-wide denial of service.
[Test Case]
* /tmp/rsyncd.conf:

```
[test-module]
path = /tmp
auth users = *
secrets file = /tmp/rsyncd.secrets
```

* /tmp/rsyncd.secrets:

```
gooduser:goodpass
```

* Server:

```
chmod 0600 /tmp/rsyncd.secrets
rsync --no-detach --daemon --config /tmp/rsyncd.conf
```

* Client:

```
RSYNC_PASSWORD=
```
[Regression Potential]
* Legitimate authentication could possibly be broken by the fix.
[Other Info]
* Upstream fix is git commit 0dedfbce2c1b851
* Patch has been tested by the reporter
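As an added illustration of the defect class (not rsync's own code and not the upstream commit), a small reference parser for the secrets-file format used in the test case above, written so that a lookup for a user who is not in the file falls off the end of the buffer and returns no match instead of looping. The `lookup_secret` and `secret_matches` names and the sample buffer are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Find `user` in a secrets buffer of "name:password" lines ('#' comments and
 * blank lines ignored).  Copies the password into `out` and returns it, or
 * NULL when no line matches.  `line` advances on every iteration, match or
 * not, so an unknown user terminates at the end of the buffer. */
const char *lookup_secret(const char *secrets, const char *user, char *out, size_t outlen)
{
    size_t ulen = strlen(user);
    const char *line = secrets;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        const char *next = eol ? eol + 1 : line + len;  /* always progresses */
        const char *colon = memchr(line, ':', len);
        if (len && *line != '#' && colon
            && (size_t)(colon - line) == ulen && memcmp(line, user, ulen) == 0) {
            size_t plen = len - ulen - 1;
            if (plen >= outlen)
                return NULL;  /* password does not fit the caller's buffer */
            memcpy(out, colon + 1, plen);
            out[plen] = '\0';
            return out;
        }
        line = next;
    }
    return NULL;  /* no matched user: the loop terminated normally */
}

/* 1 if `user` is listed in `secrets` with exactly `pass`, else 0. */
int secret_matches(const char *secrets, const char *user, const char *pass)
{
    char buf[256];
    const char *found = lookup_secret(secrets, user, buf, sizeof buf);
    return found != NULL && strcmp(found, pass) == 0;
}

/* Constructed sample mirroring /tmp/rsyncd.secrets from the test case. */
static const char SAMPLE_SECRETS[] =
    "# constructed sample, not a real secrets file\n"
    "gooduser:goodpass\n\n@staff:grouppass";

int main(void)
{
    printf("gooduser/goodpass -> %d\n", secret_matches(SAMPLE_SECRETS, "gooduser", "goodpass"));
    printf("baduser/goodpass  -> %d\n", secret_matches(SAMPLE_SECRETS, "baduser", "goodpass"));
    return 0;
}
```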
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: rsync 3.1.0-2
ProcVersionSign
Uname: Linux 3.13.0-24-generic x86_64
ApportVersion: 2.14.1-0ubuntu2
Architecture: amd64
Date: Sun Apr 13 13:59:38 2014
InstallationDate: Installed on 2012-04-17 (726 days ago)
InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Beta amd64 (20120415)
ProcEnviron:
TERM=screen
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: rsync
UpgradeStatus: Upgraded to trusty on 2014-04-13 (0 days ago)
mtime.conffile.
information type: Public → Private Security
description: updated
Changed in rsync:
  importance: Unknown → High
  status: Unknown → Fix Released
Changed in rsync (Ubuntu Trusty):
  status: New → Triaged
  importance: Undecided → High
CVE requested: http://www.openwall.com/lists/oss-security/2014/04/14/5