CVE-2014-8242 — MEDIUM (5.8)

Q: What is CVE-2014-8242?

CVE-2014-8242 is a vulnerability with a CVSS score of 5.8 (MEDIUM). librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.

Q: How severe is CVE-2014-8242?

CVE-2014-8242 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-8242?

Check the references section above for vendor advisories and patch information. Affected products include: Librsync Project Librsync.

Vulnerability Description

librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.

CVSS Score

5.8

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:P

Confidentiality

NONE

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Librsync Project	Librsync	< 1.0.0

Related Weaknesses (CWE)

CWE-310

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151105.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152355.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152366.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-10/msg00034.htmlMailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2014/07/28/1Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2014/08/05/5Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2014/10/13/2Mailing ListThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1126712Issue TrackingThird Party Advisory
https://github.com/librsync/librsync/issues/5PatchThird Party Advisory
https://github.com/librsync/librsync/releases/tag/v1.0.0PatchThird Party Advisory
https://security.gentoo.org/glsa/201605-04Third Party Advisory
https://www.miknet.net/security/optimizing-birthday-attack/Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151105.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152355.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152366.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2014-8242?

CVE-2014-8242 is a vulnerability with a CVSS score of 5.8 (MEDIUM). librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.

How severe is CVE-2014-8242?

CVE-2014-8242 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-8242?

Check the references section above for vendor advisories and patch information. Affected products include: Librsync Project Librsync.