CVE-2016-10027 - OpenCVE

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Igniterealtime	Smack
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:igniterealtime:smack:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2016/12/22/12	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/95129	Third Party Advisory VDB Entry
https://community.igniterealtime.org/blogs/ignite/2016/11/22/smack-security-advisory-2016-11-22	Vendor Advisory
https://github.com/igniterealtime/Smack/commit/059ee99ba0d5ff7758829acf5a9aeede09ec820b	Patch Third Party Advisory
https://github.com/igniterealtime/Smack/commit/a9d5cd4a611f47123f9561bc5a81a4555fe7cb04	Patch Third Party Advisory
https://issues.igniterealtime.org/projects/SMACK/issues/SMACK-739	Issue Tracking Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4WXAZ4JVJXHMEDDXJVWJHPVBF5QCTZF/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-01-12T23:00:00

Updated: 2017-01-12T22:57:01

Reserved: 2016-12-22T00:00:00

Link: CVE-2016-10027

JSON object: View

NVD Information

Status : Modified

Published: 2017-01-12T23:59:00.197

Modified: 2023-11-07T02:29:30.427

Link: CVE-2016-10027

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-12-09T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the \"starttls\" feature from a server response."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-12T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/igniterealtime/Smack/commit/059ee99ba0d5ff7758829acf5a9aeede09ec820b"}, {"name": "FEDORA-2016-897a1e6698", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4WXAZ4JVJXHMEDDXJVWJHPVBF5QCTZF/"}, {"name": "95129", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95129"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.igniterealtime.org/projects/SMACK/issues/SMACK-739"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/igniterealtime/Smack/commit/a9d5cd4a611f47123f9561bc5a81a4555fe7cb04"}, {"name": "[oss-security] 20161222 Re: CVE Request: Smack: TLS SecurityMode.required not always enforced, leading to striptls attack", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/12/22/12"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://community.igniterealtime.org/blogs/ignite/2016/11/22/smack-security-advisory-2016-11-22"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10027", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the \"starttls\" feature from a server response."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/igniterealtime/Smack/commit/059ee99ba0d5ff7758829acf5a9aeede09ec820b", "refsource": "CONFIRM", "url": "https://github.com/igniterealtime/Smack/commit/059ee99ba0d5ff7758829acf5a9aeede09ec820b"}, {"name": "FEDORA-2016-897a1e6698", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4WXAZ4JVJXHMEDDXJVWJHPVBF5QCTZF/"}, {"name": "95129", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95129"}, {"name": "https://issues.igniterealtime.org/projects/SMACK/issues/SMACK-739", "refsource": "CONFIRM", "url": "https://issues.igniterealtime.org/projects/SMACK/issues/SMACK-739"}, {"name": "https://github.com/igniterealtime/Smack/commit/a9d5cd4a611f47123f9561bc5a81a4555fe7cb04", "refsource": "CONFIRM", "url": "https://github.com/igniterealtime/Smack/commit/a9d5cd4a611f47123f9561bc5a81a4555fe7cb04"}, {"name": "[oss-security] 20161222 Re: CVE Request: Smack: TLS SecurityMode.required not always enforced, leading to striptls attack", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/22/12"}, {"name": "https://community.igniterealtime.org/blogs/ignite/2016/11/22/smack-security-advisory-2016-11-22", "refsource": "CONFIRM", "url": "https://community.igniterealtime.org/blogs/ignite/2016/11/22/smack-security-advisory-2016-11-22"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10027", "datePublished": "2017-01-12T23:00:00", "dateReserved": "2016-12-22T00:00:00", "dateUpdated": "2017-01-12T22:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:igniterealtime:smack:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D1D4629-7401-416F-AE64-F7ACC12E8E29", "versionEndExcluding": "4.1.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the \"starttls\" feature from a server response."}, {"lang": "es", "value": "Condici\u00f3n de carrera en la librer\u00eda XMPP en Smack en versiones anteriores a 4.1.9, cuando se ha establecido la configuraci\u00f3n TLS SecurityMode.required, permite a atacantes man-in-the-middle eludir las protecciones TLS y desencadenar el uso de texto plano para la autenticaci\u00f3n del cliente eliminando la funci\u00f3n \"starttls\" de una respuesta del servidor."}], "id": "CVE-2016-10027", "lastModified": "2023-11-07T02:29:30.427", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-12T23:59:00.197", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/12/22/12"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95129"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://community.igniterealtime.org/blogs/ignite/2016/11/22/smack-security-advisory-2016-11-22"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/igniterealtime/Smack/commit/059ee99ba0d5ff7758829acf5a9aeede09ec820b"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/igniterealtime/Smack/commit/a9d5cd4a611f47123f9561bc5a81a4555fe7cb04"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://issues.igniterealtime.org/projects/SMACK/issues/SMACK-739"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4WXAZ4JVJXHMEDDXJVWJHPVBF5QCTZF/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}