PT-2018-2971 · Gnome · Gnome Evolution

Hanno Böck · Published 2018-05-27 · Updated 2024-06-15 · CVE-2018-15587

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

GNOME Evolution versions 3.28.2 and earlier

Description

GNOME Evolution incorrectly verifies OpenPGP signatures, which allows an attacker to spoof signatures for arbitrary messages. The attacker does this by sending a specially crafted email that contains, as an attachment, a valid signature from the entity to be impersonated. The vulnerability may allow a remote attacker to impact data integrity.

Recommendations

For GNOME Evolution versions 3.28.2 and earlier, consider disabling the use of OpenPGP signatures until a patch is available. Restrict the handling of attachments that contain valid signatures to minimize the risk of exploitation.

Exploit

Fix

Improper Verification of Cryptographic Signature


Weakness Enumeration

Related Identifiers

ALT-PU-2018-1911
BDU:2019-02900
CESA-2020_1080
CESA-2020_1600
CVE-2018-15587
DLA-1766-1
DSA-4457-1
OPENSUSE-SU-2019:1431-1
OPENSUSE-SU-2019:1453-1
OPENSUSE-SU-2019_1431-1
OPENSUSE-SU-2019_1453-1
OPENSUSE-SU-2019_1528-1
OPENSUSE-SU-2024:10743-1
RHSA-2020:1080
RHSA-2020:1600
RHSA-2020_1080
RHSA-2020_1600
SUSE-SU-2019:1266-1
SUSE-SU-2019:1266-2
SUSE-SU-2019:1391-1
SUSE-SU-2019:1391-2
SUSE-SU-2019_1266-1
SUSE-SU-2019_1266-2
SUSE-SU-2019_1391-1
SUSE-SU-2019_1391-2
USN-3998-1

Affected Products

ALT Linux
CentOS
Gnome Evolution
Red Hat
SUSE
Ubuntu