CVE-2016-0772

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

References

http://rhn.redhat.com/errata/RHSA-2016-1626.html

http://rhn.redhat.com/errata/RHSA-2016-1627.html

http://rhn.redhat.com/errata/RHSA-2016-1628.html

http://rhn.redhat.com/errata/RHSA-2016-1629.html

http://rhn.redhat.com/errata/RHSA-2016-1630.html

http://www.openwall.com/lists/oss-security/2016/06/14/9

http://www.securityfocus.com/bid/91225

http://www.splunk.com/view/SP-CAAAPSV

http://www.splunk.com/view/SP-CAAAPUE

https://bugzilla.redhat.com/show_bug.cgi?id=1303647

https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5

https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2

https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS

https://hg.python.org/cpython/rev/b3ce713fb9be

https://hg.python.org/cpython/rev/d590114c2394

https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html

https://security.gentoo.org/glsa/201701-18

Details

Source: MITRE

Published: 2016-09-02

Updated: 2019-02-09

Type: CWE-693

Risk Information

CVSS v2

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

Impact Score: 4.2

Exploitability Score: 2.2

Severity: MEDIUM

Tenable Plugins

View all (36 total)

IDNameProductFamilySeverity
133259SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)NessusSuSE Local Security Checks
critical
133172openSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy)NessusSuSE Local Security Checks
critical
133036SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy)NessusSuSE Local Security Checks
critical
124937EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)NessusHuawei Local Security Checks
critical
122036Debian DLA-1663-1 : python3.4 security updateNessusDebian Local Security Checks
critical
121570SUSE SLES12 Security Update : python (SUSE-SU-2019:0223-1) (httpoxy)NessusSuSE Local Security Checks
critical
99799EulerOS 2.0 SP1 : python (EulerOS-SA-2016-1036)NessusHuawei Local Security Checks
medium
97966Debian DLA-871-1 : python3.2 security updateNessusDebian Local Security Checks
medium
96399GLSA-201701-18 : Python: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
95284Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : python2.7, python3.2, python3.4, python3.5 vulnerabilities (USN-3134-1) (httpoxy)NessusUbuntu Local Security Checks
critical
94969SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2859-1) (httpoxy)NessusSuSE Local Security Checks
critical
94932Splunk Enterprise < 5.0.17 / 6.0.13 / 6.1.12 / 6.2.12 / 6.3.8 / 6.4.4 or Splunk Light < 6.5.0 Multiple VulnerabilitiesNessusCGI abuses
critical
94321SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2653-1) (httpoxy)NessusSuSE Local Security Checks
critical
93438SUSE SLES11 Security Update : python (SUSE-SU-2016:2270-1) (httpoxy)NessusSuSE Local Security Checks
medium
93300SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2016:2106-1) (httpoxy)NessusSuSE Local Security Checks
critical
93072Scientific Linux Security Update : python on SL6.x, SL7.x i386/x86_64 (20160818) (httpoxy)NessusScientific Linux Local Security Checks
medium
93069openSUSE Security Update : python3 (openSUSE-2016-997) (httpoxy)NessusSuSE Local Security Checks
critical
93039RHEL 6 / 7 : python (RHSA-2016:1626) (httpoxy)NessusRed Hat Local Security Checks
medium
93038OracleVM 3.3 / 3.4 : python (OVMSA-2016-0099) (httpoxy)NessusOracleVM Local Security Checks
medium
93034Oracle Linux 6 / 7 : python (ELSA-2016-1626) (httpoxy)NessusOracle Linux Local Security Checks
medium
93029CentOS 6 / 7 : python (CESA-2016:1626) (httpoxy)NessusCentOS Local Security Checks
medium
92595openSUSE Security Update : python (openSUSE-2016-906)NessusSuSE Local Security Checks
critical
92471Amazon Linux AMI : python26 / python27,python34 (ALAS-2016-724)NessusAmazon Linux Local Security Checks
critical
92301Fedora 23 : python3 (2016-ef784cf9f7)NessusFedora Local Security Checks
medium
92295Fedora 22 : python (2016-e37f15a5f4)NessusFedora Local Security Checks
critical
92281Fedora 22 : pypy3 (2016-b046b56518)NessusFedora Local Security Checks
medium
92279Fedora 23 : pypy (2016-aae6bb9433)NessusFedora Local Security Checks
medium
92274Fedora 23 : python (2016-a0853405eb)NessusFedora Local Security Checks
medium
92254Fedora 24 : pypy3 (2016-6c2b74bb96)NessusFedora Local Security Checks
medium
92251Fedora 22 : python3 (2016-5c52dcfe47)NessusFedora Local Security Checks
critical
92240Fedora 23 : pypy3 (2016-34ca5273e9)NessusFedora Local Security Checks
medium
92231Fedora 24 : pypy (2016-13be2ee499)NessusFedora Local Security Checks
medium
92230Fedora 24 : python3 (2016-105b80d1be)NessusFedora Local Security Checks
medium
92070Fedora 24 : python (2016-2869023091)NessusFedora Local Security Checks
medium
91931FreeBSD : Python -- smtplib StartTLS stripping vulnerability (8d5368ef-40fe-11e6-b2ec-b499baebfeaf)NessusFreeBSD Local Security Checks
medium
91733Debian DLA-522-1 : python2.7 security updateNessusDebian Local Security Checks
critical