CVE-2019-16378

Опубликовано: 17 сент. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.

Ссылки

http://www.openwall.com/lists/oss-security/2019/09/17/2
Mailing List
https://bugs.debian.org/940081
Mailing List
Third Party Advisory
https://github.com/trusteddomainproject/OpenDMARC/pull/48
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEWDFGRKQHIWKFZH5BNWQDGUPNR7VH3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEUBIHJLMPMB6KHOSGDMUQKSAW4HOCYM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7RT6ID7MBCEPNZEIUKK2TZIOCYPJR6E/
https://seclists.org/bugtraq/2019/Sep/36
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4567-1/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4526
Third Party Advisory
https://www.openwall.com/lists/oss-security/2019/09/11/8
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/09/17/2
Mailing List
https://bugs.debian.org/940081
Mailing List
Third Party Advisory
https://github.com/trusteddomainproject/OpenDMARC/pull/48
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEWDFGRKQHIWKFZH5BNWQDGUPNR7VH3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEUBIHJLMPMB6KHOSGDMUQKSAW4HOCYM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7RT6ID7MBCEPNZEIUKK2TZIOCYPJR6E/
https://seclists.org/bugtraq/2019/Sep/36
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4567-1/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4526
Third Party Advisory
https://www.openwall.com/lists/oss-security/2019/09/11/8
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:trusteddomain:opendmarc:*:*:*:*:*:*:*:*

Версия до 1.3.2 (включая)

cpe:2.3:a:trusteddomain:opendmarc:1.4.0:beta:*:*:*:*:*:*

cpe:2.3:a:trusteddomain:opendmarc:1.4.0:beta1:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

EPSS

Процентиль: 79%

0.0125

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-290

Связанные уязвимости

CVE-2019-16378

CVSS3: 9.8

ubuntu

больше 6 лет назад

CVE-2019-16378

CVSS3: 9.8

debian

больше 6 лет назад

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a si ...

GHSA-x9f6-xw7x-fm76

CVSS3: 9.8

github

больше 3 лет назад

BDU:2019-04704

CVSS3: 9.8

fstec

больше 6 лет назад

Уязвимость спецификации доменной аутентификации сообщений, отчетности и соответствия opendmark, связанная с обходом аутентификации посредством спуфинга, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность

EPSS

Процентиль: 79%

0.0125

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-290