[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-8242Date: (C)2015-12-16   (M)2023-12-22


librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
FEDORA-2015-2923
FEDORA-2015-3366
FEDORA-2015-3497
GLSA-201605-04
http://www.openwall.com/lists/oss-security/2014/07/28/1
http://www.openwall.com/lists/oss-security/2014/08/05/5
http://www.openwall.com/lists/oss-security/2014/10/13/2
https://bugzilla.redhat.com/show_bug.cgi?id=1126712
https://github.com/librsync/librsync/issues/5
https://github.com/librsync/librsync/releases/tag/v1.0.0
https://www.miknet.net/security/optimizing-birthday-attack/
openSUSE-SU-2015:1752

CWE    1
CWE-310
OVAL    9
oval:org.secpod.oval:def:108521
oval:org.secpod.oval:def:108544
oval:org.secpod.oval:def:108547
oval:org.secpod.oval:def:108537
...

© SecPod Technologies