Security restrictions bypass in msmtp - CVE-2019-8337


Published: February 19, 2019


Vulnerability identifier: #VU17765
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-8337
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Martin Lambers
Affected software:
msmtp

Detailed vulnerability description

The vulnerability allows a remote attacker positioned between msmtp and the SMTP server to perform a man-in-the-middle attack.

The vulnerability exists because msmtp 1.8.2 does not verify the SMTP server's TLS certificate when tls_trust_file is left at the new "system" default value introduced in that version's default configuration file and neither tls_fingerprint nor tls_certcheck is set. A user who relies on the default expects the system CA store to be used, but no certificate check is performed. A remote attacker who can intercept the connection can present an arbitrary certificate, impersonate the SMTP server, and capture authentication credentials and message contents. No authentication against the SMTP server is needed; the attacker only has to be on the network path.


How to mitigate CVE-2019-8337

Update to msmtp version 1.8.3 or later, which restores certificate verification for the "system" trust setting.

Until the update is applied, do not rely on the default: set tls_trust_file explicitly to a CA bundle file (for example /etc/ssl/certs/ca-certificates.crt on Debian-based systems, the pre-1.8.2 style of configuration), or pin the server certificate with tls_fingerprint. Do not work around the problem with tls_certcheck off, which disables verification entirely.
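The two passages above describe which configuration leaves msmtp 1.8.2 without certificate verification and how to correct it. The following script is an added example written for this page, not code from the advisory or from the msmtp project: it reads an msmtprc-style file and reports, per account, whether TLS trust rests on the "system" default that 1.8.2 did not honour (AT-RISK), on an explicit CA bundle or a pinned fingerprint (OK), on a disabled check (NOCHECK), or on no TLS at all (NOTLS). The sample configuration it writes is constructed for the demonstration; the hostnames, file paths and the fingerprint are placeholders. It also parses the first line of `msmtp --version` output to decide whether the installed release is the affected 1.8.2.

```shell
#!/bin/sh
# Added example for CVE-2019-8337 (not part of the advisory or of msmtp):
# audit an msmtp configuration for accounts whose TLS trust relies on the
# "system" default value of tls_trust_file, which msmtp 1.8.2 did not verify.

# Print the version number from `msmtp --version` output ("msmtp version X.Y.Z").
parse_msmtp_version() {
    printf '%s\n' "$1" | awk 'NR == 1 && $1 == "msmtp" && $2 == "version" { print $3 }'
}

# Succeed (exit 0) only for the affected release.
msmtp_version_affected() {
    [ "$1" = "1.8.2" ]
}

# Report "<account> <verdict>" for every account in the config file given as $1.
# Settings in a "defaults" section are inherited by the accounts that follow it,
# as msmtp does. An absent tls_trust_file is treated as "system", which is the
# default from 1.8.2 on. The exit status is the number of AT-RISK accounts.
audit_msmtprc() {
    awk '
        function flush() {
            if (name == "") return
            if (tls != "on")               verdict = "NOTLS"
            else if (certcheck == "off")   verdict = "NOCHECK"
            else if (fp != "")             verdict = "OK"
            else if (trust == "" || trust == "system") verdict = "AT-RISK"
            else                           verdict = "OK"
            print name, verdict
            if (verdict == "AT-RISK") n++
        }
        /^[[:space:]]*#/ || NF == 0 { next }
        $1 == "defaults" { flush(); name = ""; indef = 1; next }
        $1 == "account"  { flush(); name = $2; indef = 0
                           tls = dtls; trust = dtrust; fp = dfp; certcheck = dcc; next }
        $1 == "tls"             { if (indef) dtls = $2;   else tls = $2;       next }
        $1 == "tls_trust_file"  { if (indef) dtrust = $2; else trust = $2;     next }
        $1 == "tls_fingerprint" { if (indef) dfp = $2;    else fp = $2;        next }
        $1 == "tls_certcheck"   { if (indef) dcc = $2;    else certcheck = $2; next }
        END { flush(); exit n }
    ' "$1"
}

# Write a constructed sample ~/.msmtprc to the path given as $1.
# Hostnames, paths and the fingerprint are placeholders, not real values.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample configuration
defaults
tls on
auth on

account work
host smtp.example.com
port 587
from alice@example.com
# no tls_trust_file: inherits the "system" default that 1.8.2 did not verify

account personal
host mail.example.net
port 465
tls_starttls off
tls_trust_file /etc/ssl/certs/ca-certificates.crt

account pinned
host mail.example.org
tls_fingerprint AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD

account legacy
host old.example.com
tls_certcheck off
EOF
}

# Demonstration on the constructed sample; the real check would read ~/.msmtprc
# and the output of `msmtp --version` on the host being audited.
sample=$(mktemp)
write_sample_config "$sample"
audit_msmtprc "$sample" || echo "$? account(s) rely on the system default that msmtp 1.8.2 did not verify"
rm -f "$sample"
```

Run it against the real configuration with `audit_msmtprc ~/.msmtprc` after checking `parse_msmtp_version "$(msmtp --version)"`; an AT-RISK verdict on an affected release means the account's mail submission is open to interception until msmtp is upgraded or the trust file is set explicitly.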
