Vulnerabilities > CVE-2014-7274 - Cryptographic Issues vulnerability in Getmail 4.44.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3091.NASL description Several vulnerabilities have been discovered in getmail4, a mail retriever with support for POP3, IMAP4 and SDPS, that could allow man-in-the-middle attacks. - CVE-2014-7273 The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate. - CVE-2014-7274 The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject last seen 2020-03-17 modified 2014-12-09 plugin id 79805 published 2014-12-09 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79805 title Debian DSA-3091-1 : getmail4 - security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3091. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(79805); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-7273", "CVE-2014-7274", "CVE-2014-7275"); script_bugtraq_id(70280, 70281, 70282); script_xref(name:"DSA", value:"3091"); script_name(english:"Debian DSA-3091-1 : getmail4 - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in getmail4, a mail retriever with support for POP3, IMAP4 and SDPS, that could allow man-in-the-middle attacks. - CVE-2014-7273 The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate. - CVE-2014-7274 The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority. - CVE-2014-7275 The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766670" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-7273" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-7274" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-7275" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/getmail4" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2014/dsa-3091" ); script_set_attribute( attribute:"solution", value: "Upgrade the getmail4 packages. For the stable distribution (wheezy), these problems have been fixed in version 4.46.0-1~deb7u1. For the upcoming stable distribution (jessie), these problems have been fixed in version 4.46.0-1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:getmail4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"getmail4", reference:"4.46.0-1~deb7u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-598.NASL description - getmail 4.46.0 [bnc#900217] This release fixes several similar vulnerabilities that could allow a man-in-the-middle attacker to read encrypted traffic due to pack of certificate verification against the hostname. - fix --idle checking Python version incorrectly, resulting in incorrect warning about running with Python < 2.5 - add missing support for SSL certificate checking in POP3 which broke POP retrieval in v4.45.0 [CVE-2014-7275] - includes changes from 4.45.0 : - perform hostname-vs-certificate matching of SSL certificate if validating the certifcate [CVE-2014-7274] - fix missing plaintext versions of documentation - includes changes from 4.44.0 : - add extended SSL options for IMAP retrievers, allowing certificate verification and other features [CVE-2014-7273] - fix missing plaintext versions of documentation - fix last seen 2020-06-05 modified 2014-10-23 plugin id 78635 published 2014-10-23 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78635 title openSUSE Security Update : getmail (openSUSE-SU-2014:1315-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2014-598. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(78635); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-7273", "CVE-2014-7274", "CVE-2014-7275"); script_name(english:"openSUSE Security Update : getmail (openSUSE-SU-2014:1315-1)"); script_summary(english:"Check for the openSUSE-2014-598 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: " - getmail 4.46.0 [bnc#900217] This release fixes several similar vulnerabilities that could allow a man-in-the-middle attacker to read encrypted traffic due to pack of certificate verification against the hostname. - fix --idle checking Python version incorrectly, resulting in incorrect warning about running with Python < 2.5 - add missing support for SSL certificate checking in POP3 which broke POP retrieval in v4.45.0 [CVE-2014-7275] - includes changes from 4.45.0 : - perform hostname-vs-certificate matching of SSL certificate if validating the certifcate [CVE-2014-7274] - fix missing plaintext versions of documentation - includes changes from 4.44.0 : - add extended SSL options for IMAP retrievers, allowing certificate verification and other features [CVE-2014-7273] - fix missing plaintext versions of documentation - fix 'Header instance has no attribute 'strip'' error which cropped up in some configurations" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=900217" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html" ); script_set_attribute( attribute:"solution", value:"Update the affected getmail package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:getmail"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/10/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( rpm_check(release:"SUSE12.3", reference:"getmail-4.46.0-2.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"getmail-4.46.0-2.4.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "getmail"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201412-50.NASL description The remote host is affected by the vulnerability described in GLSA-201412-50 (getmail: Information disclosure) Multiple vulnerabilities have been discovered in getmail. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a man-in-the-middle attack via multiple vectors to obtain sensitive information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 80271 published 2014-12-29 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80271 title GLSA-201412-50 : getmail: Information disclosure NASL family Debian Local Security Checks NASL id DEBIAN_DLA-106.NASL description Several vulnerabilities have been discovered in getmail4, a mail retriever with support for POP3, IMAP4 and SDPS, that could allow man-in-the-middle attacks. CVE-2014-7273 The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate. CVE-2014-7274 The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject last seen 2020-03-17 modified 2015-03-26 plugin id 82090 published 2015-03-26 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82090 title Debian DLA-106-1 : getmail4 security update