[Bug 1307230] Re: 3.1.0 daemon infinite loop when no matched user in secrets

Marc Deslauriers marc.deslauriers at canonical.com
Mon Apr 14 11:40:59 UTC 2014


CVE requested: http://www.openwall.com/lists/oss-security/2014/04/14/5

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/1307230

Title:
  3.1.0 daemon infinite loop when no matched user in secrets

Status in rsync:
  Fix Released
Status in “rsync” package in Ubuntu:
  New
Status in “rsync” source package in Trusty:
  New

Bug description:
  [Impact]

   * In rsync 3.1.0, with a module configured for user authentication, a
  remote client can send an invalid username and cause an infinite CPU
  loop on the server child process.

   * The server master process is unaffected, allowing the remote client
  to do this multiple times toward system-wide denial of service.

  [Test Case]

   * /tmp/rsyncd.conf

  [test-module]
    path = /tmp
    auth users = *
    secrets file = /tmp/rsyncd.secrets

   * /tmp/rsyncd.secrets

  gooduser:goodpass

   * Server:

  chmod 0600 /tmp/rsyncd.secrets
  rsync --no-detach --daemon --config /tmp/rsyncd.conf

   * Client:

  RSYNC_PASSWORD=badpass rsync rsync://baduser@host/test-module/

  [Regression Potential]

   * Legitimate authentication could possibly be broken by the fix.

  [Other Info]
   
   * Upstream fix is git commit 0dedfbce2c1b851684ba658861fe9d620636c56a (https://git.samba.org/?p=rsync.git;a=commitdiff;h=0dedfbce2c1b851684ba658861fe9d620636c56a)
   * Patch has been tested by the reporter


  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: rsync 3.1.0-2
  ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
  Uname: Linux 3.13.0-24-generic x86_64
  ApportVersion: 2.14.1-0ubuntu2
  Architecture: amd64
  Date: Sun Apr 13 13:59:38 2014
  InstallationDate: Installed on 2012-04-17 (726 days ago)
  InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Beta amd64 (20120415)
  ProcEnviron:
   TERM=screen
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: rsync
  UpgradeStatus: Upgraded to trusty on 2014-04-13 (0 days ago)
  mtime.conffile..etc.default.rsync: 2012-05-26T00:47:05.076019
