Man-in-the-middle attack in GNOME Evolution Data Server



Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2016-10727
CWE-ID CWE-300
Exploitation vector Local network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
 GNOME Evolution Data Server
Server applications / Web servers

Vendor Gnome Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Man-in-the-middle attack

EUVDB-ID: #VU14024

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2016-10727

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to conduct man-in-the-middle attack..

The vulnerability exists in the IMAPx component of GNOME Evolution Data Server due to the IMAPx component, as defined in the camel/providers/imapx/camel-imapx-server.c source code file of the affected software, does not support STARTTLS. An adjacent attacker can sniff network traffic between the two systems and gain access to sensitive information, such as the user's password, to conduct further attacks.

Mitigation

Update to version 3.21.2.

Vulnerable software versions

GNOME Evolution Data Server: 3.0 - 3.21.1

CPE2.3 External links

https://gitlab.gnome.org/GNOME/evolution-data-server/blob/master/NEWS#L1022


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###