CVE-2014-7274 - Cryptographic Issues vulnerability in Getmail 4.44.0

CVSS 5.8 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: MEDIUM
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: PARTIAL
  • Availability impact: NONE

Tags: network, getmail, CWE-310, nessus

Summary

The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.

Vulnerable Configurations

Part         Description  Count
Application  Getmail      1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3091.NASL
    description: Several vulnerabilities have been discovered in getmail4, a mail retriever with support for POP3, IMAP4 and SDPS, that could allow man-in-the-middle attacks. - CVE-2014-7273 The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate. - CVE-2014-7274 The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject
    last seen: 2020-03-17
    modified: 2014-12-09
    plugin id: 79805
    published: 2014-12-09
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79805
    title: Debian DSA-3091-1 : getmail4 - security update
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3091. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79805);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-7273", "CVE-2014-7274", "CVE-2014-7275");
      script_bugtraq_id(70280, 70281, 70282);
      script_xref(name:"DSA", value:"3091");
    
      script_name(english:"Debian DSA-3091-1 : getmail4 - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in getmail4, a mail
    retriever with support for POP3, IMAP4 and SDPS, that could allow
    man-in-the-middle attacks.
    
      - CVE-2014-7273
        The IMAP-over-SSL implementation in getmail 4.0.0
        through 4.43.0 does not verify X.509 certificates from
        SSL servers, which allows man-in-the-middle attackers to
        spoof IMAP servers and obtain sensitive information via
        a crafted certificate.
    
      - CVE-2014-7274
        The IMAP-over-SSL implementation in getmail 4.44.0 does
        not verify that the server hostname matches a domain
        name in the subject's Common Name (CN) field of the
        X.509 certificate, which allows man-in-the-middle
        attackers to spoof IMAP servers and obtain sensitive
        information via a crafted certificate from a recognized
        Certification Authority.
    
      - CVE-2014-7275
        The POP3-over-SSL implementation in getmail 4.0.0
        through 4.44.0 does not verify X.509 certificates from
        SSL servers, which allows man-in-the-middle attackers to
        spoof POP3 servers and obtain sensitive information via
        a crafted certificate."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766670"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-7273"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-7274"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-7275"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/getmail4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2014/dsa-3091"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the getmail4 packages.
    
    For the stable distribution (wheezy), these problems have been fixed
    in version 4.46.0-1~deb7u1.
    
    For the upcoming stable distribution (jessie), these problems have
    been fixed in version 4.46.0-1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:getmail4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"getmail4", reference:"4.46.0-1~deb7u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-598.NASL
    description: - getmail 4.46.0 [bnc#900217] This release fixes several similar vulnerabilities that could allow a man-in-the-middle attacker to read encrypted traffic due to lack of certificate verification against the hostname. - fix --idle checking Python version incorrectly, resulting in incorrect warning about running with Python < 2.5 - add missing support for SSL certificate checking in POP3 which broke POP retrieval in v4.45.0 [CVE-2014-7275] - includes changes from 4.45.0 : - perform hostname-vs-certificate matching of SSL certificate if validating the certificate [CVE-2014-7274] - fix missing plaintext versions of documentation - includes changes from 4.44.0 : - add extended SSL options for IMAP retrievers, allowing certificate verification and other features [CVE-2014-7273] - fix missing plaintext versions of documentation - fix
    last seen: 2020-06-05
    modified: 2014-10-23
    plugin id: 78635
    published: 2014-10-23
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78635
    title: openSUSE Security Update : getmail (openSUSE-SU-2014:1315-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-598.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78635);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-7273", "CVE-2014-7274", "CVE-2014-7275");
    
      script_name(english:"openSUSE Security Update : getmail (openSUSE-SU-2014:1315-1)");
      script_summary(english:"Check for the openSUSE-2014-598 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - getmail 4.46.0 [bnc#900217] This release fixes several
        similar vulnerabilities that could allow a
        man-in-the-middle attacker to read encrypted traffic due
        to lack of certificate verification against the
        hostname.
    
      - fix --idle checking Python version incorrectly,
        resulting in incorrect warning about running with Python
        < 2.5
    
      - add missing support for SSL certificate checking in POP3
        which broke POP retrieval in v4.45.0 [CVE-2014-7275]
    
      - includes changes from 4.45.0 :
    
      - perform hostname-vs-certificate matching of SSL
        certificate if validating the certificate [CVE-2014-7274]
    
      - fix missing plaintext versions of documentation
    
      - includes changes from 4.44.0 :
    
      - add extended SSL options for IMAP retrievers, allowing
        certificate verification and other features
        [CVE-2014-7273]
    
      - fix missing plaintext versions of documentation
    
      - fix 'Header instance has no attribute 'strip'' error
        which cropped up in some configurations"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=900217"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected getmail package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:getmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.3", reference:"getmail-4.46.0-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"getmail-4.46.0-2.4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "getmail");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201412-50.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201412-50 (getmail: Information disclosure) Multiple vulnerabilities have been discovered in getmail. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a man-in-the-middle attack via multiple vectors to obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80271
    published: 2014-12-29
    reporter: This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80271
    title: GLSA-201412-50 : getmail: Information disclosure
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-106.NASL
    description: Several vulnerabilities have been discovered in getmail4, a mail retriever with support for POP3, IMAP4 and SDPS, that could allow man-in-the-middle attacks. CVE-2014-7273 The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate. CVE-2014-7274 The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject
    last seen: 2020-03-17
    modified: 2015-03-26
    plugin id: 82090
    published: 2015-03-26
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/82090
    title: Debian DLA-106-1 : getmail4 security update