CVE-2013-4166 - OpenCVE

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Gnome	Evolution Evolution Data Server
Redhat	Enterprise Linux Desktop Enterprise Linux Workstation Enterprise Linux Server

Configuration 1 [-]

OR	cpe:2.3:a:gnome:evolution::::::::
	cpe:2.3:a:gnome:evolution_data_server::::::::

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2013-1540.html	Third Party Advisory
http://seclists.org/oss-sec/2013/q3/191	Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=973728	Issue Tracking Third Party Advisory
https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5	Patch Vendor Advisory
https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2020-02-06T14:29:39

Updated: 2020-02-06T14:29:39

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4166

JSON object: View

NVD Information

Status : Modified

Published: 2020-02-06T15:15:10.310

Modified: 2023-02-13T00:28:34.797

Link: CVE-2013-4166

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:evolution:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5E80647-C781-46B5-99FE-642A201658FF", "versionEndIncluding": "3.8.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:evolution_data_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "24ED9A34-5FEB-43EA-BBE7-4207C0F61E67", "versionEndIncluding": "3.9.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information."}, {"lang": "es", "value": "La funci\u00f3n gpg_ctx_add_recipient en el archivo camel/camel-gpg-context.c en GNOME Evolution versiones 3.8.4 y anteriores y Evolution Data Server versiones 3.9.5 y anteriores, no selecciona apropiadamente la clave GPG que se usa para el cifrado de correo electr\u00f3nico, lo que podr\u00eda causar que el correo electr\u00f3nico sea cifrado con la clave errada y permitir a atacantes remotos obtener informaci\u00f3n confidencial."}], "id": "CVE-2013-4166", "lastModified": "2023-02-13T00:28:34.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-06T15:15:10.310", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1540.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/oss-sec/2013/q3/191"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=973728"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}