FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

librsync -- collision vulnerability

Affected packages
librsync < 1.0.0

Details

VuXML ID b22b016b-b633-11e5-83ef-14dae9d210b8
Discovery 2014-07-28
Entry 2016-01-08

Michael Samuel reports:

librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.

References

CVE Name CVE-2014-8242
URL http://www.openwall.com/lists/oss-security/2014/07/28/1