Lucene search
Ubuntu.comUB:CVE-2017-17689HistoryMay 16, 2018 - 12:00 a.m.
CVE-2017-17689
2018-05-1600:00:00
ubuntu.com
ubuntu.com
9
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
77.3%
The S/MIME specification allows a Cipher Block Chaining (CBC)
malleability-gadget attack that can indirectly lead to plaintext
exfiltration, aka EFAIL.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898633>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898634>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898631>
- <https://bugzilla.gnome.org/show_bug.cgi?id=796135>
Notes
| Author | Note |
|---|---|
| mdeslaur | evolution upstream doesnβt belive this is an issue, marking as not-affected in thunderbird, this was called CVE-2018-5162 |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | kmail | <Β any | UNKNOWN |
| ubuntu | 20.04 | noarch | kmail | <Β any | UNKNOWN |
| ubuntu | 22.04 | noarch | kmail | <Β any | UNKNOWN |
| ubuntu | 23.10 | noarch | kmail | <Β any | UNKNOWN |
| ubuntu | 24.04 | noarch | kmail | <Β any | UNKNOWN |
| ubuntu | 17.10 | noarch | thunderbird | <Β 1:52.8.0+build1-0ubuntu0.17.10.1 | UNKNOWN |
| ubuntu | 18.04 | noarch | thunderbird | <Β 1:52.8.0+build1-0ubuntu0.18.04.1 | UNKNOWN |
| ubuntu | 18.10 | noarch | thunderbird | <Β 1:60.2.1+build1-0ubuntu1 | UNKNOWN |
| ubuntu | 19.04 | noarch | thunderbird | <Β 1:60.2.1+build1-0ubuntu1 | UNKNOWN |
| ubuntu | 19.10 | noarch | thunderbird | <Β 1:60.2.1+build1-0ubuntu1 | UNKNOWN |
Related
redhatcve
redhatcve
CVE-2017-17689
2018-05-14 12:51:25
CVE-2018-5162
2018-05-21 07:55:41
prion
prion
Design/Logic Flaw
2018-05-16 19:29:00
Information disclosure
2018-06-11 21:29:00
veracode
veracode
Information Disclosure
2020-09-21 06:21:46
Information Disclosure
2019-05-16 03:00:02
debiancve
debiancve
CVE-2017-17689
2018-05-16 19:29:00
CVE-2018-5162
2018-06-11 21:29:00
cve
cve
CVE-2017-17689
2018-05-16 19:29:00
CVE-2018-5162
2018-06-11 21:29:00
ubuntucve
ubuntucve
CVE-2018-5162
2018-05-23 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: thunderbird-enigmail-2.0.4-1.fc27
2018-05-27 19:51:43
[SECURITY] Fedora 26 Update: thunderbird-enigmail-2.0.4-1.fc26
2018-05-27 19:19:09
[SECURITY] Fedora 28 Update: thunderbird-enigmail-2.0.4-1.fc28
2018-05-24 13:59:48
seebug
seebug
OpenPGPγS/MIME information disclosure (CVE-2017-17688,CVE-2017-17689)
2018-05-16 00:00:00
suse
suse
Security update for enigmail (moderate)
2018-05-23 21:22:04
Security update for enigmail (moderate)
2018-05-17 18:07:05
Security update for enigmail (moderate)
2018-05-19 21:07:20
nessus
nessus
openSUSE Security Update : enigmail (openSUSE-2018-474) (EFAIL)
2018-05-21 00:00:00
openSUSE Security Update : enigmail (openSUSE-2019-368) (EFAIL)
2019-03-27 00:00:00
openSUSE Security Update : enigmail (openSUSE-2019-395) (EFAIL)
2019-03-27 00:00:00
openvas
openvas
Fedora Update for thunderbird-enigmail FEDORA-2018-25525a9346
2018-05-28 00:00:00
openSUSE: Security Advisory for enigmail (openSUSE-SU-2018:1330-1)
2018-05-18 00:00:00
openSUSE: Security Advisory for enigmail (openSUSE-SU-2018:1347-1)
2018-10-26 00:00:00
cert
cert
OpenPGP and S/MIME mail client vulnerabilities
2018-05-14 00:00:00
debian
debian
[SECURITY] [DSA 4244-1] thunderbird security update
2018-07-13 19:22:30
[SECURITY] [DLA 1382-1] thunderbird security update
2018-05-25 08:38:38
[SECURITY] [DSA 4209-1] thunderbird security update
2018-05-25 04:58:06
archlinux
archlinux
[ASA-201805-21] thunderbird: multiple issues
2018-05-21 00:00:00
mageia
mageia
Updated thunderbird packages fix security vulnerabilities
2018-05-30 22:55:44
oraclelinux
oraclelinux
thunderbird security update
2018-05-24 00:00:00
thunderbird security update
2018-05-24 00:00:00
redhat
redhat
(RHSA-2018:1726) Important: thunderbird security update
2018-05-24 18:29:56
(RHSA-2018:1725) Important: thunderbird security update
2018-05-24 18:29:53
centos
centos
thunderbird security update
2018-05-25 16:39:54
thunderbird security update
2018-05-29 17:26:47
altlinux
altlinux
Security fix for the ALT Linux 10 package thunderbird version 52.8.0-alt1
2018-05-19 00:00:00
osv
osv
thunderbird - security update
2018-05-25 00:00:00
thunderbird - security update
2018-05-25 00:00:00
amazon
amazon
Critical: thunderbird
2018-06-07 23:30:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2018-05-25 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Thunderbird 52.8 β Mozilla
2018-05-18 00:00:00
kaspersky
kaspersky
KLA11251 Multiple vulnerabilities in Mozilla Thunderbird
2018-05-18 00:00:00
gentoo
gentoo
Mozilla Thunderbird: Multiple vulnerabilities
2018-11-24 00:00:00
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
77.3%
Related for UB:CVE-2017-17689