CVE-2016-0772

Published: 02 Sep 2016
Source: debian

Description

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

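Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| python3.5 | fixed | 3.5.2~rc1-1 | | package |
| python3.4 | removed | | | package |
| python3.2 | removed | | | package |
| python2.7 | fixed | 2.7.12~rc1-1 | | package |
| python2.7 | fixed | 2.7.9-2+deb8u1 | jessie | package |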

Notes

  • 3.4 branch: https://hg.python.org/cpython/rev/d590114c2394

  • 2.7 branch: https://hg.python.org/cpython/rev/b3ce713fb9be

Related vulnerabilities

CVSS3: 6.5
ubuntu
almost 9 years ago


CVSS3: 4.8
redhat
about 9 years ago


CVSS3: 6.5
nvd
almost 9 years ago


CVSS3: 6.5
github
about 3 years ago


suse-cvrf
about 9 years ago

Security update for python