PT-2018-10945 · Enigmail+1 · Enigmail+1

Marcus Brinkmann · Published 2018-06-13 · Updated 2024-06-15 · CVE-2018-12019

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Enigmail versions prior to 2.0.7

Description

The issue concerns the signature verification routine, which incorrectly interprets user ids as status/control messages and fails to track the status of multiple signatures. This allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.

Recommendations

For versions prior to 2.0.7, update to version 2.0.7 or later to resolve the issue.

Exploit

Fix

Improper Verification of Cryptographic Signature

Weakness Enumeration

Related Identifiers

CVE-2018-12019
MGASA-2018-0316
MGASA-2018-0321
MGASA-2018-0354
OPENSUSE-SU-2018_1708-1
OPENSUSE-SU-2024:10736-1
SUSE-SU-2018:2243-1

Affected Products

Enigmail
SUSE