#VU49239 Improper validation of certificate with host mismatch in Rsync - CVE-2020-14387

Cybersecurity Help s.r.o.

Published: 2021-01-04 | Updated: 2023-05-01

Vulnerability identifier: #VU49239

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-14387

CWE-ID: CWE-297

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Rsync
Server applications / Other server solutions

Vendor: Samba

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists in Samba rsync due to the application does not verify the hostname in the server certificate in openssl mode. A remote attacker can supply any valid certificate for another hostname and intercept the traffic.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Rsync: 3.2.0 - 3.2.3pre1

External links
https://bugzilla.redhat.com/show_bug.cgi?id=1875549
https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859
https://bugs.archlinux.org/task/69051

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell PowerStoreT OS

Gentoo update for rsync

Multiple vulnerabilities in Dell PowerStore Family

Arch Linux update for rsync

MitM attack in Samba Rsync