6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.006 Low
EPSS
Percentile
76.4%
python smtplib starttls stripping attack
Python’s implementation of smtplib
fails to raise an exception upon an unexpected response during negotiation of tls via the starttls protocol. This allows a MiTM capable of injecting smtp messages to force smtplib to silently abort tls negotiation proceeding to transmit cleartext. (impacting confidentiality)
For more details see [1]
potentially affects a variety of open source projects from Django, web2py, …
initially reported to python PSRT (timeline see [1]) with details, PoC [2] and patch [2]. The patch was accepted and recently landed in python 2.7/3.x [3,4].
full details and the actual research material that was securely disclosed to Python PSRT will be made available at [1] (currently a preliminary vulnerability note)
the PoC striptls
[2] is a generic protocol independent tls interception proxy written in python that is also capable of probing for various starttls stripping vectors in smtp, pop3, imap, ftp, xmpp, acap and irc. It is also available via pip install striptls
(pretty handy for sniffing/proxying proprietary protocols based on top of implicit/explicit tls)
Vendor announcements: [5,6,7]
the preliminary vulnerability note [1] will be updated in accordance with the Python software release scheduled for June 26th.
[1] https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-0772
[2] https://github.com/tintinweb/striptls
[3] https://hg.python.org/cpython/rev/d590114c2394
[4] https://hg.python.org/cpython/rev/b3ce713fb9be
[5] http://www.openwall.com/lists/oss-security/2016/06/14/9
[6] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0772
[7] https://access.redhat.com/security/cve/cve-2016-0772
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.006 Low
EPSS
Percentile
76.4%