#VU17765 Security restrictions bypass in msmtp
Vulnerability identifier: #VU17765
Vulnerability risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
msmtp
Server applications /
Mail servers
Vendor: Martin Lambers
Description
The vulnerability allows a remote authenticated attacker to bypass security restrictions on the system.
The vulnerability exists due to improper certificate verification when the affected software uses the new system default value for the tls_trust_file command in its default configuration file. A remote attacker can send an email to an SMTP server and bypass certificate verification and conduct further attacks.
Mitigation
Update to version 1.8.3.
Vulnerable software versions
msmtp: 1.8.2
External links
http://marlam.de/msmtp/news/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
