Lucene search

[email protected]CVE-2005-3256

HistoryOct 18, 2005 - 9:02 p.m.

CVE-2005-3256

2005-10-1821:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-3256

nvd

enigmail

decryption

security issue

6.1 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.014 Low

EPSS

Percentile

86.1%

JSON

The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message.

CPENameOperatorVersion
enigmail:enigmailenigmaille0.92.0

CPE	Name	Operator	Version
enigmail:enigmail	enigmail	le	0.92.0

References

www.cert.dfn.de/infoserv/dsb/dsb-2005-01.html

www.debian.org/security/2005/dsa-889

www.kb.cert.org/vuls/id/805121

www.mandriva.com/security/advisories?name=MDKSA-2005:226

www.novell.com/linux/security/advisories/2005_28_sr.html

www.securityfocus.com/bid/15155

www.vupen.com/english/advisories/2005/2158

usn.ubuntu.com/211-1/

6.1 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.014 Low

EPSS

Percentile

86.1%

JSON

Related for CVE-2005-3256

ubuntucve1 nessus3 debiancve1 debian2 osv1 openvas4 securityvulns1 ubuntu1