Vulnerability CVE-2017-17689


Published: 2018-05-16

Description:
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

Type: CWE-310 (Cryptographic Issues)

Vendor: Microsoft
Product: Outlook 
Version: 2016, 2013, 2010, 2007
Vendor: Freron
Product: Mailmate 
Vendor: 9folders
Product: NINE 
Vendor: Postbox-inc
Product: Postbox 
Vendor: Google
Product: Gmail 
Vendor: Bloop
Product: Airmail 
Vendor: Ritlabs
Product: The bat 
Vendor: IBM
Product: Notes 
Vendor: Flipdogsolutions
Product: Maildroid 
Vendor: Mozilla
Product: Thunderbird 
Vendor: KDE
Product: Trojita 
Product: Kmail 
Vendor: Gnome
Product: Evolution 
Vendor: Apple
Product: MAIL 
Vendor: R2mail2
Product: R2mail2 
Vendor: Horde
Product: Horde imp 
Vendor: Emclient
Product: Emclient 

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

 References:
http://www.securityfocus.com/bid/104165
https://efail.de
https://news.ycombinator.com/item?id=17066419
https://pastebin.com/gNCc8aYm
https://twitter.com/matthew_d_green/status/996371541591019520
https://www.synology.com/support/security/Synology_SA_18_22

Copyright 2019, cxsecurity.com

 
