GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00047.html | |
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00061.html | |
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00024.html | |
http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2019/Apr/38 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2019/04/30/4 | Mailing List Third Party Advisory |
https://bugzilla.gnome.org/show_bug.cgi?id=796424 | Exploit Issue Tracking Vendor Advisory |
https://github.com/RUB-NDS/Johnny-You-Are-Fired | |
https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf | |
https://lists.debian.org/debian-lts-announce/2019/04/msg00027.html | Mailing List Third Party Advisory |
https://seclists.org/bugtraq/2019/Jun/7 | |
https://usn.ubuntu.com/3998-1/ | |
https://www.debian.org/security/2019/dsa-4457 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-02-11T17:00:00
Updated: 2019-06-10T06:06:05
Reserved: 2018-08-20T00:00:00
Link: CVE-2018-15587
JSON object: View
NVD Information
Status : Modified
Published: 2019-02-11T17:29:00.270
Modified: 2019-06-10T07:29:00.803
Link: CVE-2018-15587
JSON object: View
Redhat Information
No data.
CWE