Main Vulnerability Database Vulnerabilities #VU17765

#VU17765 Security restrictions bypass in msmtp - CVE-2019-8337

Published: February 19, 2019

Vulnerability identifier: #VU17765

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-8337

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
msmtp

Software vendor:
Martin Lambers

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions on the system.

The vulnerability exists due to improper certificate verification when the affected software uses the new system default value for the tls_trust_file command in its default configuration file. A remote attacker can send an email to an SMTP server and bypass certificate verification and conduct further attacks.

Remediation

Update to version 1.8.3.

External links

https://marlam.de/msmtp/news/

#VU17765 Security restrictions bypass in msmtp - CVE-2019-8337

Description

Remediation

External links

Please verify you're human