CVE-2021-38084 - OpenCVE

An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Courier-mta	Courier Mail Server

Configuration 1 [-]

cpe:2.3:a:courier-mta:courier_mail_server:*:*:*:*:*:*:*:*

References

Link	Resource
https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583	Third Party Advisory
https://sourceforge.net/p/courier/mailman/message/37329216/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-08-03T21:22:29

Updated: 2021-08-03T21:22:29

Reserved: 2021-08-03T00:00:00

Link: CVE-2021-38084

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-08-03T22:15:09.310

Modified: 2021-09-09T17:18:46.767

Link: CVE-2021-38084

JSON object: View

Redhat Information

No data.

CWE

CWE-74

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-03T21:22:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/courier/mailman/message/37329216/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38084", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583", "refsource": "MISC", "url": "https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583"}, {"name": "https://sourceforge.net/p/courier/mailman/message/37329216/", "refsource": "MISC", "url": "https://sourceforge.net/p/courier/mailman/message/37329216/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38084", "datePublished": "2021-08-03T21:22:29", "dateReserved": "2021-08-03T00:00:00", "dateUpdated": "2021-08-03T21:22:29", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:courier-mta:courier_mail_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "028FA0B7-3E20-4F6D-AC58-1C949D0A3502", "versionEndExcluding": "1.1.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session."}, {"lang": "es", "value": "Se ha detectado un problema en el componente POP3 de Courier Mail Server versiones anteriores a 1.1.5. Unos atacantes de tipo Meddler-in-the-middle pueden canalizar comandos despu\u00e9s del comando POP3 STLS, inyectando comandos en texto plano en una sesi\u00f3n de usuario cifrada"}], "id": "CVE-2021-38084", "lastModified": "2021-09-09T17:18:46.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-03T22:15:09.310", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sourceforge.net/p/courier/mailman/message/37329216/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}