Vulnerability CVE-2018-12019


Published: 2018-06-13

Description:
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.

Type: CWE-347 (Improper Verification of Cryptographic Signature)

Vendor: Enigmail
Product: Enigmail 
Version:
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0
1.9.9
1.9.8
1.9.7
1.9.6.1
1.9.6
1.9.5
1.9.4
1.9.3
1.9.2
1.9.1
1.9.0
1.8.2
1.8.1
1.8.0
1.7.2
1.7.0
1.7
1.6.0
1.5.2
1.5.1
1.5.0
1.4.6
1.4.5
1.4.4
1.4.3
1.4.2
1.4.1
1.4.0
1.3.5
1.3.4
1.3.3
1.3.2
1.3.1
1.3.0
1.2.1
1.2.0
1.1.2
1.1.1
1.1.0
1.0.0
0.96.0
0.95.7
0.95.6
0.95.5
0.95.4
0.95.3
0.95.2
0.95.1
0.95.0
0.94.4
0.94.3
0.94.2
0.94.1
0.94.0
0.93.2
0.93.1
0.93.0
0.92.1
0.92.0
0.91.0
0.90.2
0.90.1
0.90.0
0.89.6
0.89.5
0.89.4
0.89.3
0.89.2
0.89.1
0.89.0
0.86.1
0.86.0
0.85.0
0.84.2
0.84.1
0.84.0
0.83.6
0.83.5
0.83.4
0.83.3
0.83.2
0.83.1
0.83.0
0.82.6
0.82.5
0.82.4
0.82.3
0.82.2
0.82.1
0.82.0
0.81.7
0.81.6
0.81.5
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

References:
http://openwall.com/lists/oss-security/2018/06/13/10
https://www.enigmail.net/index.php/en/download/changelog

Related CVE
CVE-2017-17848
An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words...
CVE-2017-17847
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demo...
CVE-2017-17846
An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.
CVE-2017-17845
An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.
CVE-2017-17844
An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block...
CVE-2017-17843
An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as ...
CVE-2014-5369
Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2007-1264
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remot...

Copyright 2018, cxsecurity.com

 
