CVE-2018-12019 - OpenCVE

The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Enigmail	Enigmail

Configuration 1 [-]

cpe:2.3:a:enigmail:enigmail:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://openwall.com/lists/oss-security/2018/06/13/10
http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html
http://seclists.org/fulldisclosure/2019/Apr/38
http://www.openwall.com/lists/oss-security/2019/04/30/4
https://github.com/RUB-NDS/Johnny-You-Are-Fired
https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
https://www.enigmail.net/index.php/en/download/changelog

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-06-13T23:00:00

Updated: 2024-08-05T08:24:03.616Z

Reserved: 2018-06-07T00:00:00

Link: CVE-2018-12019

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-06-13T23:29:00.393

Modified: 2019-05-16T18:29:00.297

Link: CVE-2018-12019

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-06-13T00:00:00", "descriptions": [{"lang": "en", "value": "The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-16T17:11:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://openwall.com/lists/oss-security/2018/06/13/10"}, {"tags": ["x_refsource_MISC"], "url": "https://www.enigmail.net/index.php/en/download/changelog"}, {"name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4"}, {"name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Apr/38"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12019", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://openwall.com/lists/oss-security/2018/06/13/10", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2018/06/13/10"}, {"name": "https://www.enigmail.net/index.php/en/download/changelog", "refsource": "MISC", "url": "https://www.enigmail.net/index.php/en/download/changelog"}, {"name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4"}, {"name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Apr/38"}, {"name": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html"}, {"name": "https://github.com/RUB-NDS/Johnny-You-Are-Fired", "refsource": "MISC", "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired"}, {"name": "https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf", "refsource": "MISC", "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:24:03.616Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2018/06/13/10"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.enigmail.net/index.php/en/download/changelog"}, {"name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4"}, {"name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Apr/38"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-12019", "datePublished": "2018-06-13T23:00:00", "dateReserved": "2018-06-07T00:00:00", "dateUpdated": "2024-08-05T08:24:03.616Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:enigmail:enigmail:*:*:*:*:*:*:*:*", "matchCriteriaId": "03CF0EC6-42AC-4E77-B14D-1E605038A42F", "versionEndExcluding": "2.0.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids."}, {"lang": "es", "value": "La rutina de verificaci\u00f3n de firmas en Enigmail en versiones anteriores a la 2.0.7 interpreta los ID de usuario como mensajes de estado/control y no mantiene correctamente el control sobre el estado de m\u00faltiples firmas. Esto permite que atacantes remotos suplanten firmas de email arbitrarias mediante claves p\u00fablicas que contienen ID de usuario primario manipulados."}], "id": "CVE-2018-12019", "lastModified": "2019-05-16T18:29:00.297", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-13T23:29:00.393", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2018/06/13/10"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Apr/38"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/04/30/4"}, {"source": "cve@mitre.org", "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired"}, {"source": "cve@mitre.org", "url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://www.enigmail.net/index.php/en/download/changelog"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}]}