[Bug 1307230] Re: 3.1.0 daemon infinite loop when no matched user in secrets

Launchpad Bug Tracker 1307230 at bugs.launchpad.net
Wed Apr 23 14:39:10 UTC 2014


This bug was fixed in the package rsync - 3.1.0-2ubuntu0.1

---------------
rsync (3.1.0-2ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via invalid username (LP: #1307230)
    - debian/patches/CVE-2014-2855.diff: avoid infinite wait reading
      secrets file in authenticate.c.
    - CVE-2014-2855
 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>   Thu, 17 Apr 2014 12:56:34 -0400

** Changed in: rsync (Ubuntu Trusty)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/1307230

Title:
  3.1.0 daemon infinite loop when no matched user in secrets

Status in rsync:
  Fix Released
Status in “rsync” package in Ubuntu:
  Fix Released
Status in “rsync” source package in Trusty:
  Fix Released

Bug description:
  [Impact]

   * In rsync 3.1.0, with a module configured for user authentication, a
  remote client can send an invalid username and cause an infinite CPU
  loop on the server child process.

   * The server master process is unaffected, allowing the remote client
  to do this multiple times toward system-wide denial of service.

  [Test Case]

   * /tmp/rsyncd.conf

  [test-module]
    path = /tmp
    auth users = *
    secrets file = /tmp/rsyncd.secrets

   * /tmp/rsyncd.secrets

  gooduser:goodpass

   * Server:

  chmod 0600 /tmp/rsyncd.secrets
  rsync --no-detach --daemon --config /tmp/rsyncd.conf

   * Client:

  RSYNC_PASSWORD=badpass rsync rsync://baduser@host/test-module/

  [Regression Potential]

   * Legitimate authentication could possibly be broken by the fix.

  [Other Info]
   
   * Upstream fix is git commit 0dedfbce2c1b851684ba658861fe9d620636c56a (https://git.samba.org/?p=rsync.git;a=commitdiff;h=0dedfbce2c1b851684ba658861fe9d620636c56a)
   * Patch has been tested by the reporter


  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: rsync 3.1.0-2
  ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
  Uname: Linux 3.13.0-24-generic x86_64
  ApportVersion: 2.14.1-0ubuntu2
  Architecture: amd64
  Date: Sun Apr 13 13:59:38 2014
  InstallationDate: Installed on 2012-04-17 (726 days ago)
  InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Beta amd64 (20120415)
  ProcEnviron:
   TERM=screen
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: rsync
  UpgradeStatus: Upgraded to trusty on 2014-04-13 (0 days ago)
  mtime.conffile..etc.default.rsync: 2012-05-26T00:47:05.076019
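
The lookup that the [Test Case] above exercises, written as an added example for this notification (it is not rsync's authenticate.c and not the Ubuntu patch): a scan of `user:password` lines in the rsyncd.secrets format that terminates and reports "not found" for an unknown username instead of looping, which is the [Impact] failure mode. The sample data, `lookup_in_sample` and `last_pw` are constructed for this example.

```c
/* Added example, not rsync's authenticate.c and not the Ubuntu patch: a
 * lookup over "user:password" lines as found in rsyncd.secrets.  The
 * failure mode this update fixes is a scan that exits only on a match, so
 * an unknown username spins forever once the file is exhausted; here the
 * scan always terminates and reports "not found" when input runs out. */
#include <string.h>

/* Returns 1 and copies the password into out when a line matches user,
 * 0 when data ends with no match.  Blank and '#' lines are skipped. */
static int lookup_secret(const char *data, size_t len, const char *user,
                         char *out, size_t outsz)
{
    size_t ulen = strlen(user);
    size_t pos = 0;
    /* pos grows by at least one per pass and the loop stops at len,
     * whether or not the final line ends in '\n'. */
    while (pos < len) {
        const char *line = data + pos;
        const char *nl = memchr(line, '\n', len - pos);
        size_t llen = nl ? (size_t)(nl - line) : len - pos;
        pos += llen + 1;                 /* past the newline, or past the end */
        if (llen == 0 || line[0] == '#')
            continue;
        /* llen > ulen guarantees line[ulen] exists, so "good" cannot
         * match "gooduser" and a line without ':' never matches. */
        if (llen > ulen && memcmp(line, user, ulen) == 0 && line[ulen] == ':') {
            size_t plen = llen - ulen - 1;
            if (plen >= outsz)
                plen = outsz - 1;        /* truncate rather than overflow */
            memcpy(out, line + ulen + 1, plen);
            out[plen] = '\0';
            return 1;
        }
    }
    return 0;
}

/* Constructed sample data for this example; the last line deliberately
 * has no trailing newline. */
static const char sample_secrets[] =
    "# rsyncd.secrets sample\n" "gooduser:goodpass\n" "\n" "nocolon\n" "other:s3cret";

/* Hypothetical helper: runs the lookup over the sample, leaves the
 * password in last_pw and returns the lookup code. */
char last_pw[64];
int lookup_in_sample(const char *user)
{
    return lookup_secret(sample_secrets, sizeof sample_secrets - 1,
                         user, last_pw, sizeof last_pw);
}
```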
