Lucene search
PRIOn knowledge basePRION:CVE-2017-17847HistoryDec 27, 2017 - 5:08 p.m.
Format string
2017-12-2717:08:00
PRIOn knowledge base
www.prio-n.com
5
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 8.0 | |
| debian_linux | eq | 9.0 | |
| enigmail | lt | 1.9.9 |
References
enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
lists.debian.org/debian-lts-announce/2017/12/msg00021.html
lists.debian.org/debian-security-announce/2017/msg00333.html
sourceforge.net/p/enigmail/bugs/709/
www.debian.org/security/2017/dsa-4070
www.mail-archive.com/[email protected]/msg04280.html
Related
cve
cve
CVE-2017-17847
2017-12-27 17:08:19
CVE-2017-17848
2017-12-27 17:08:19
debiancve
debiancve
CVE-2017-17847
2017-12-27 17:08:19
CVE-2017-17848
2017-12-27 17:08:19
cvelist
cvelist
CVE-2017-17847
2017-12-22 23:00:00
CVE-2017-17848
2017-12-22 23:00:00
ubuntucve
ubuntucve
CVE-2017-17847
2017-12-27 00:00:00
CVE-2017-17848
2017-12-27 00:00:00
nvd
nvd
CVE-2017-17847
2017-12-27 17:08:19
CVE-2017-17848
2017-12-27 17:08:19
prion
prion
Code injection
2017-12-27 17:08:00
osv
osv
enigmail - security update
2017-12-23 00:00:00
enigmail - security update
2017-12-21 00:00:00
nessus
nessus
Debian DLA-1219-1 : enigmail security update
2017-12-26 00:00:00
Debian DSA-4070-1 : enigmail - security update
2017-12-26 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4070-1)
2017-12-20 00:00:00
Debian: Security Advisory (DLA-1219-1)
2023-03-08 00:00:00
Mageia: Security Advisory (MGASA-2017-0477)
2022-01-28 00:00:00
debian
debian
[SECURITY] [DLA 1219-1] enigmail security update
2017-12-23 11:35:08
mageia
mageia
Updated thunderbird packages fix security vulnerabilities
2017-12-31 03:10:15