CVE-2020-15953 - OpenCVE

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Libetpan Project	Libetpan
Libmailcore	Mailcore2
Debian	Debian Linux
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:libetpan_project:libetpan:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:libmailcore:mailcore2:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:fedoraproject:fedora:31:::::::*
	cpe:2.3:o:fedoraproject:fedora:32:::::::*

Configuration 4 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00060.html	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00075.html	Broken Link
https://github.com/dinhvh/libetpan/issues/386	Exploit Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00026.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M65FVH5XPS23NLHFN3ABEGBSCHZAISXN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QFBWNA5REI5ZGW2DAOEAVHM23MOU6O5J/
https://security.gentoo.org/glsa/202007-55	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-07-27T06:07:04

Updated: 2020-09-22T21:06:20

Reserved: 2020-07-27T00:00:00

Link: CVE-2020-15953

JSON object: View

NVD Information

Status : Modified

Published: 2020-07-27T07:15:10.910

Modified: 2023-11-07T03:17:57.223

Link: CVE-2020-15953

JSON object: View

Redhat Information

No data.

CWE

CWE-74

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-22T21:06:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/dinhvh/libetpan/issues/386"}, {"name": "GLSA-202007-55", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202007-55"}, {"name": "[debian-lts-announce] 20200816 [SECURITY] [DLA 2329-1] libetpan security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00026.html"}, {"name": "FEDORA-2020-13ae5f7221", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QFBWNA5REI5ZGW2DAOEAVHM23MOU6O5J/"}, {"name": "FEDORA-2020-44e52ef729", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M65FVH5XPS23NLHFN3ABEGBSCHZAISXN/"}, {"name": "openSUSE-SU-2020:1454", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00060.html"}, {"name": "openSUSE-SU-2020:1505", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00075.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15953", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/dinhvh/libetpan/issues/386", "refsource": "MISC", "url": "https://github.com/dinhvh/libetpan/issues/386"}, {"name": "GLSA-202007-55", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202007-55"}, {"name": "[debian-lts-announce] 20200816 [SECURITY] [DLA 2329-1] libetpan security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00026.html"}, {"name": "FEDORA-2020-13ae5f7221", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFBWNA5REI5ZGW2DAOEAVHM23MOU6O5J/"}, {"name": "FEDORA-2020-44e52ef729", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M65FVH5XPS23NLHFN3ABEGBSCHZAISXN/"}, {"name": "openSUSE-SU-2020:1454", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00060.html"}, {"name": "openSUSE-SU-2020:1505", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00075.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15953", "datePublished": "2020-07-27T06:07:04", "dateReserved": "2020-07-27T00:00:00", "dateUpdated": "2020-09-22T21:06:20", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libetpan_project:libetpan:*:*:*:*:*:*:*:*", "matchCriteriaId": "265D13E3-68BC-4CD7-B04E-A9713F74895F", "versionEndIncluding": "1.9.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libmailcore:mailcore2:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BC108A8-B707-46A8-BD74-19DB4DDD7E56", "versionEndIncluding": "0.6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\""}, {"lang": "es", "value": "LibEtPan versiones hasta 1.9.4, como es usado en MailCore 2 versiones hasta 0.6.3 y otros productos, presenta un problema de almacenamiento en b\u00fafer STARTTLS que afecta a IMAP, SMTP y POP3. Cuando un servidor env\u00eda una respuesta \"begin TLS\", el cliente lee datos adicionales (por ejemplo, de un atacante de tipo meddler-in-the-middle) y los eval\u00faa en un contexto TLS, tambi\u00e9n se conoce como \"response injection\""}], "id": "CVE-2020-15953", "lastModified": "2023-11-07T03:17:57.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-27T07:15:10.910", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00060.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00075.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/dinhvh/libetpan/issues/386"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00026.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M65FVH5XPS23NLHFN3ABEGBSCHZAISXN/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QFBWNA5REI5ZGW2DAOEAVHM23MOU6O5J/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202007-55"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}