109 matches found
[SECURITY] Fedora 31 Update: libetpan-1.9.3-3.fc31
The purpose of this mail library is to provide a portable, efficient middle -ware for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailbo xes...
[SECURITY] Fedora 32 Update: libetpan-1.9.4-4.fc32
The purpose of this mail library is to provide a portable, efficient middle -ware for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailbo xes...
Fedora: Security Advisory for libetpan (FEDORA-2020-13ae5f7221)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 32 : libetpan (2020-13ae5f7221)
A security flaw was found on libetpan which may allow malicious attacker to inject additional responses or mimic whole sessions. This vulnerability is now assined as CVE-2020-15953. This new rpm should fix this issue. Note that Tenable Network Security has extracted the preceding description bloc...
Fedora: Security Advisory for libetpan (FEDORA-2020-44e52ef729)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 31 : libetpan (2020-44e52ef729)
A security flaw was found on libetpan which may allow malicious attacker to inject additional responses or mimic whole sessions. This vulnerability is now assined as CVE-2020-15953. This new rpm should fix this issue. Note that Tenable Network Security has extracted the preceding description bloc...
Debian DLA-2329-1 : libetpan security update
In libEtPan, a mail library, a STARTTLS response injection was discovered that affects IMAP, SMTP, and POP3. For Debian 9 stretch, this problem has been fixed in version 1.6-3+deb9u1. We recommend that you upgrade your libetpan packages. For the detailed security status of libetpan please refer t...
Debian: Security Advisory (DLA-2329-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DLA-2329-1 libetpan - security update
Bulletin has no description...
GLSA-202007-55 : libetpan: Improper STARTTLS handling
The remote host is affected by the vulnerability described in GLSA-202007-55 libetpan: Improper STARTTLS handling It was discovered that libetpan was not properly handling state within the STARTTLS protocol handshake. Impact : There may be a breach of integrity or confidentiality in connections...
CRLF Injection
libetpan is vulnerable to CRLF Injection. Due to STARTTLS buffering issue affecting IMAP, SMTP, and POP3, a man-in-the-middle can inject additional data in "begin TLS" response from the server...
libetpan: Improper STARTTLS handling
Background libetpan is a portable, efficient middleware for different kinds of mail access. Description It was discovered that libetpan was not properly handling state within the STARTTLS protocol handshake. Impact There may be a breach of integrity or confidentiality in connections made using...
LibEtPan Injection Vulnerability
LibEtPan is a library from the developers of Hoà V. DINH software that provides a portable framework for a wide range of mail accesses such as IMAP, SMTP, POP and NNTP. An injection vulnerability exists in LibEtPan 1.9.4 and earlier versions, which can be exploited by an attacker to conduct a...
CVE-2020-15953
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...
CVE-2020-15953
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...
DEBIAN-CVE-2020-15953
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...
CVE-2020-15953
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...
Design/Logic Flaw
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...
UBUNTU-CVE-2020-15953
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...
CVE-2020-15953
LibEtPan ≤ 1.9.4 (used in MailCore 2 ≤ 0.6.3 and related products) contains a STARTTLS buffering issue that enables response injection during TLS negotiation across IMAP, SMTP, and POP3. The root cause is improper handling when a server responds with begin TLS, causing the client to read extra da...