CVE-2016-0772
Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
La librería smtplib en CPython (también conocido como Python) en versiones anteriores a 2.7.12, 3.x en versiones anteriores a 3.4.5 y 3.5.x en versiones anteriores a 3.5.2 no devuelve un error cuando StartTLS falla, lo que podría permitir a atacantes man-in-the-middle eludir las protecciones TLS mediante el aprovechamiento de una posición de red entre el cliente y el registro para bloquear el comando StartTLS, también conocido como un "ataque de decapado StartTLS".
It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-12-16 CVE Reserved
- 2016-07-03 First Exploit
- 2016-08-21 CVE Published
- 2024-03-17 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-693: Protection Mechanism Failure
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/06/14/9 | Mailing List |
|
| http://www.securityfocus.com/bid/91225 | Vdb Entry | |
| http://www.splunk.com/view/SP-CAAAPSV | X_refsource_confirm | |
| http://www.splunk.com/view/SP-CAAAPUE | X_refsource_confirm | |
| https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5 | Release Notes | |
| https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2 | Release Notes | |
| https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS | Release Notes | |
| https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/43500 | 2016-07-03 |
| URL | Date | SRC |
|---|---|---|
| https://hg.python.org/cpython/rev/b3ce713fb9be | 2019-02-09 | |
| https://hg.python.org/cpython/rev/d590114c2394 | 2019-02-09 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html | 2019-02-09 | |
| http://rhn.redhat.com/errata/RHSA-2016-1626.html | 2019-02-09 | |
| http://rhn.redhat.com/errata/RHSA-2016-1627.html | 2019-02-09 | |
| http://rhn.redhat.com/errata/RHSA-2016-1628.html | 2019-02-09 | |
| http://rhn.redhat.com/errata/RHSA-2016-1629.html | 2019-02-09 | |
| http://rhn.redhat.com/errata/RHSA-2016-1630.html | 2019-02-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1303647 | 2016-08-18 | |
| https://security.gentoo.org/glsa/201701-18 | 2019-02-09 | |
| https://access.redhat.com/security/cve/CVE-2016-0772 | 2016-08-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.5.0 Search vendor "Python" for product "Python" and version "3.5.0" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.5.1 Search vendor "Python" for product "Python" and version "3.5.1" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.0 Search vendor "Python" for product "Python" and version "3.0" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.0.1 Search vendor "Python" for product "Python" and version "3.0.1" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.1.0 Search vendor "Python" for product "Python" and version "3.1.0" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.1.1 Search vendor "Python" for product "Python" and version "3.1.1" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.1.2 Search vendor "Python" for product "Python" and version "3.1.2" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.1.3 Search vendor "Python" for product "Python" and version "3.1.3" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.1.4 Search vendor "Python" for product "Python" and version "3.1.4" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.1.5 Search vendor "Python" for product "Python" and version "3.1.5" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.2.0 Search vendor "Python" for product "Python" and version "3.2.0" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.2.1 Search vendor "Python" for product "Python" and version "3.2.1" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.2.2 Search vendor "Python" for product "Python" and version "3.2.2" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.2.3 Search vendor "Python" for product "Python" and version "3.2.3" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.2.4 Search vendor "Python" for product "Python" and version "3.2.4" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.2.5 Search vendor "Python" for product "Python" and version "3.2.5" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.2.6 Search vendor "Python" for product "Python" and version "3.2.6" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.3.0 Search vendor "Python" for product "Python" and version "3.3.0" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.3.1 Search vendor "Python" for product "Python" and version "3.3.1" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.3.2 Search vendor "Python" for product "Python" and version "3.3.2" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.3.3 Search vendor "Python" for product "Python" and version "3.3.3" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.3.4 Search vendor "Python" for product "Python" and version "3.3.4" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.3.5 Search vendor "Python" for product "Python" and version "3.3.5" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.3.6 Search vendor "Python" for product "Python" and version "3.3.6" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.4.0 Search vendor "Python" for product "Python" and version "3.4.0" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.4.1 Search vendor "Python" for product "Python" and version "3.4.1" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.4.2 Search vendor "Python" for product "Python" and version "3.4.2" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.4.3 Search vendor "Python" for product "Python" and version "3.4.3" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.4.4 Search vendor "Python" for product "Python" and version "3.4.4" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | <= 2.7.11 Search vendor "Python" for product "Python" and version " <= 2.7.11" | - |
Affected
| ||||||