Vulnerabilities > CVE-2005-3256 - Unspecified vulnerability in Enigmail

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
enigmail
nessus

Summary

The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-889.NASL
    descriptionHadmut Danish discovered a bug in enigmail, GPG support for Mozilla MailNews and Mozilla Thunderbird, that can lead to the encryption of mail with the wrong public key, hence, potential disclosure of confidential data to others.
    last seen2020-06-01
    modified2020-06-02
    plugin id22755
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22755
    titleDebian DSA-889-1 : enigmail - programming error
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-889. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22755);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:19");
    
      script_cve_id("CVE-2005-3256");
      script_xref(name:"CERT", value:"805121");
      script_xref(name:"DSA", value:"889");
    
      script_name(english:"Debian DSA-889-1 : enigmail - programming error");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Hadmut Danish discovered a bug in enigmail, GPG support for Mozilla
    MailNews and Mozilla Thunderbird, that can lead to the encryption of
    mail with the wrong public key, hence, potential disclosure of
    confidential data to others."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=335731"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2005/dsa-889"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the enigmail packages.
    
    The old stable distribution (woody) does not contain enigmail
    packages.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 0.91-4sarge2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:enigmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/11/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"mozilla-enigmail", reference:"0.91-4sarge2")) flag++;
    if (deb_check(release:"3.1", prefix:"mozilla-thunderbird-enigmail", reference:"0.91-4sarge2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-211-1.NASL
    descriptionHadmut Danish discovered an information disclosure vulnerability in the key selection dialog of the Mozilla/Thunderbird enigmail plugin. If a user
    last seen2020-06-01
    modified2020-06-02
    plugin id20629
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20629
    titleUbuntu 4.10 / 5.04 / 5.10 : enigmail vulnerability (USN-211-1)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-211-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(20629);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:33:00");
    
      script_cve_id("CVE-2005-3256");
      script_xref(name:"USN", value:"211-1");
    
      script_name(english:"Ubuntu 4.10 / 5.04 / 5.10 : enigmail vulnerability (USN-211-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Hadmut Danish discovered an information disclosure vulnerability in
    the key selection dialog of the Mozilla/Thunderbird enigmail plugin.
    If a user's keyring contained a key with an empty user id (i. e. a key
    without a name and email address), this key was selected by default
    when the user attempted to send an encrypted email. Unless this empty
    key was manually deselected, the message got encrypted for that empty
    key, whose owner could then decrypt it.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected mozilla-enigmail and / or
    mozilla-thunderbird-enigmail packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-enigmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-enigmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/10/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(4\.10|5\.04|5\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04 / 5.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-enigmail", pkgver:"0.92.1-0ubuntu04.10")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-thunderbird-enigmail", pkgver:"0.92.1-0ubuntu04.10")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"mozilla-enigmail", pkgver:"0.92.1-0ubuntu05.04")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"mozilla-thunderbird-enigmail", pkgver:"0.92.1-0ubuntu05.04")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"mozilla-enigmail", pkgver:"0.92.1-0ubuntu05.10")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"mozilla-thunderbird-enigmail", pkgver:"0.92.1-0ubuntu05.10")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mozilla-enigmail / mozilla-thunderbird-enigmail");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-226.NASL
    descriptionA bug in enigmail, the GPG support extension for Mozilla MailNews and Mozilla Thunderbird was discovered that could lead to the encryption of an email with the wrong public key. This could potentially disclose confidential data to unintended recipients. The updated packages have been patched to prevent this problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id20457
    published2006-01-15
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20457
    titleMandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2005:226)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2005:226. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(20457);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:48");
    
      script_cve_id("CVE-2005-3256");
      script_bugtraq_id(15155);
      script_xref(name:"MDKSA", value:"2005:226");
    
      script_name(english:"Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2005:226)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A bug in enigmail, the GPG support extension for Mozilla MailNews and
    Mozilla Thunderbird was discovered that could lead to the encryption
    of an email with the wrong public key. This could potentially disclose
    confidential data to unintended recipients.
    
    The updated packages have been patched to prevent this problem."
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected mozilla-thunderbird, mozilla-thunderbird-enigmail
    and / or mozilla-thunderbird-enigmime packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmime");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/12/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2006.0", reference:"mozilla-thunderbird-1.0.6-7.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"mozilla-thunderbird-enigmail-1.0.6-7.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"mozilla-thunderbird-enigmime-1.0.6-7.2.20060mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");