Rsync Certificate Validation Flaw in Version 3.2.0pre1 and Beyond
CVE-2020-14387

7.4HIGH

Key Information:

Vendor: Samba
Status: Rsync
Vendor: CVE Published:; 27 May 2021

What is CVE-2020-14387?

A security issue has been identified in Rsync affecting versions starting from 3.2.0pre1, involving improper validation of certificates during the rsync-ssl operation. This vulnerability could allow a remote, unauthenticated attacker to execute a man-in-the-middle attack by utilizing a valid certificate for a different hostname. Consequently, this flaw poses a significant risk to the confidentiality and integrity of the data being transmitted, as data could be intercepted and manipulated without detection. Users are advised to upgrade to version 3.2.4 or later to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

rsync rsync 3.2.4

References

https://bugzilla.redhat.com/show_bug.cgi?id=1875549

x_refsource_MISC

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 27, 2021
Vulnerability Reserved
Jun 17, 2020

JSON

Samba

What is CVE-2020-14387?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.