Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-15042
HistoryOct 05, 2017 - 12:00 a.m.

CVE-2017-15042

2017-10-0500:00:00
ubuntu.com
ubuntu.com
15

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

68.9%

An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before
1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only
be used on network connections secured with TLS. The original
implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and
it was documented to do so. In 2013, upstream issue #5184, this was changed
so that the server may decide whether PLAIN is acceptable. The result is
that if you set up a man-in-the-middle SMTP server that doesn’t advertise
STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth
implementation sends the username and password.

Notes

Author Note
mdeslaur Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays.
OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchgolang-1.6< anyUNKNOWN
ubuntu18.04noarchgolang-1.8< anyUNKNOWN

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

68.9%