Skip to content

RVD#1483: The smtplib library in Python 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails #1483

New issue
New issue
Open
Open
RVD#1483: The smtplib library in Python 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails#1483
Labels
robot component: Universal Robots Controllerrobot: UR10robot: UR3robot: UR5severity: high7.0 - 8.9vendor: Universal Robotsvulnerability
@glerapic

Description

@glerapic
glerapic
opened on Apr 3, 2020
{
    "id": 1483,
    "title": "RVD#1483: The smtplib library in Python 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails",
    "type": "vulnerability",
    "description": "The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a \"StartTLS stripping attack.\"",
    "cwe": "CWE-693",
    "cve": "CVE-2016-0772",
    "keywords": [
        "Python"
    ],
    "system": "URx",
    "vendor": "Universal Robots",
    "severity": {
        "rvss-score": 7.2,
        "rvss-vector": "RVSS:1.0/AV:RN/AC:H/PR:N/UI:N/Y:T/S:U/C:L/I:H/A:N/H:N",
        "severity-description": "high",
        "cvss-score": 6.5,
        "cvss-vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"
    },
    "links": [
        "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0772",
        "http://www.openwall.com/lists/oss-security/2016/06/14/9",
        "http://www.securityfocus.com/bid/91225",
        "https://bugzilla.redhat.com/show_bug.cgi?id=1303647",
        "https://hg.python.org/cpython/rev/b3ce713fb9be",
        "https://hg.python.org/cpython/rev/d590114c2394",
        "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html",
        "https://github.com/aliasrobotics/RVD/issues/1483"
    ],
    "flaw": {
        "phase": "exploitation",
        "specificity": "N/A",
        "architectural-location": "application-specific",
        "application": "python",
        "subsystem": "N/A",
        "package": "python2.7-minimal 2.7.3-6+deb7u2 i386",
        "languages": "python",
        "date-detected": null,
        "detected-by": "Victor Mayoral Vilches and Lander Usategui San Juan (Alias Robotics)",
        "detected-by-method": "N/A",
        "date-reported": "2020-04-03",
        "reported-by": "Cedric Buissart (original bug), Alias Robotics S.L.",
        "reported-by-relationship": "Security researcher",
        "issue": "https://github.com/aliasrobotics/RVD/issues/1483",
        "reproducibility": "Always",
        "trace": "N/A",
        "reproduction": "Not available",
        "reproduction-image": "Not available"
    },
    "exploitation": {
        "description": "a man-in-the-middle attack to bypass the TLS protections might be performed by leveraging a network position between the client and the registry to block the StartTLS command, aka \"StartTLS stripping attack.\"",
        "exploitation-image": "Not available",
        "exploitation-vector": "Not available"
    },
    "mitigation": {
        "description": "sudo apt-get --assume-yes install --only-upgrade python2.7-minimal",
        "pull-request": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-0772",
        "date-mitigation": null
    }
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    robot component: Universal Robots Controllerrobot: UR10robot: UR3robot: UR5severity: high7.0 - 8.9vendor: Universal Robotsvulnerability

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions