CVE-2017-17688

Опубликовано: 16 мая 2018

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification

Ссылки

http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html
Third Party Advisory
http://www.securityfocus.com/bid/104162
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040904
Third Party Advisory
VDB Entry
https://efail.de
Exploit
Mitigation
Third Party Advisory
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html
Third Party Advisory
https://news.ycombinator.com/item?id=17066419
Issue Tracking
Third Party Advisory
https://protonmail.com/blog/pgp-vulnerability-efail
Issue Tracking
Third Party Advisory
https://twitter.com/matthew_d_green/status/995996706457243648
Third Party Advisory
https://www.patreon.com/posts/cybersecurity-15-18814817
Issue Tracking
Third Party Advisory
https://www.synology.com/support/security/Synology_SA_18_22
Third Party Advisory
http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html
Third Party Advisory
http://www.securityfocus.com/bid/104162
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040904
Third Party Advisory
VDB Entry
https://efail.de
Exploit
Mitigation
Third Party Advisory
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html
Third Party Advisory
https://news.ycombinator.com/item?id=17066419
Issue Tracking
Third Party Advisory
https://protonmail.com/blog/pgp-vulnerability-efail
Issue Tracking
Third Party Advisory
https://twitter.com/matthew_d_green/status/995996706457243648
Third Party Advisory
https://www.patreon.com/posts/cybersecurity-15-18814817
Issue Tracking
Third Party Advisory
https://www.synology.com/support/security/Synology_SA_18_22
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apple:mail:-:*:*:*:*:*:*:*

cpe:2.3:a:apple:mail:-:*:*:*:*:iphone_os:*:*

cpe:2.3:a:bloop:airmail:-:*:*:*:*:*:*:*

cpe:2.3:a:emclient:emclient:-:*:*:*:*:*:*:*

cpe:2.3:a:flipdogsolutions:maildroid:-:*:*:*:*:*:*:*

cpe:2.3:a:freron:mailmate:-:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_imp:-:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*

cpe:2.3:a:postbox-inc:postbox:-:*:*:*:*:*:*:*

cpe:2.3:a:r2mail2:r2mail2:-:*:*:*:*:*:*:*

cpe:2.3:a:roundcube:webmail:-:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.02845

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2017-17688

CVSS3: 5.9

ubuntu

больше 7 лет назад

CVE-2017-17688

CVSS3: 5.3

redhat

больше 7 лет назад

CVE-2017-17688

CVSS3: 5.9

debian

больше 7 лет назад

The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleabi ...

GHSA-87q6-mg5f-mp98

CVSS3: 5.9

github

больше 3 лет назад

** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification.

openSUSE-SU-2018:1393-1

suse-cvrf

больше 7 лет назад

Security update for enigmail

EPSS

Процентиль: 86%

0.02845

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo