Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html
https://bugs.gentoo.org/728300
https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01
https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html
https://security.gentoo.org/glsa/202007-57
https://usn.ubuntu.com/4401-1/
Source: MITRE
Published: 2020-06-15
Updated: 2020-07-28
Type: CWE-200
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.1
Base Score: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 2.2
Severity: MEDIUM
ID | Name | Product | Family | Severity |
---|---|---|---|---|
146703 | EulerOS 2.0 SP2 : mutt (EulerOS-SA-2021-1330) | Nessus | Huawei Local Security Checks | medium |
143462 | openSUSE Security Update : neomutt (openSUSE-2020-2127) | Nessus | SuSE Local Security Checks | medium |
142070 | EulerOS 2.0 SP5 : mutt (EulerOS-SA-2020-2258) | Nessus | Huawei Local Security Checks | medium |
140876 | EulerOS 2.0 SP3 : mutt (EulerOS-SA-2020-2109) | Nessus | Huawei Local Security Checks | medium |
139120 | GLSA-202007-57 : Mutt, Neomutt: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
138721 | openSUSE Security Update : mutt (openSUSE-2020-915) | Nessus | SuSE Local Security Checks | medium |
138713 | openSUSE Security Update : mutt (openSUSE-2020-903) | Nessus | SuSE Local Security Checks | medium |
138307 | SUSE SLES12 Security Update : mutt (SUSE-SU-2020:1794-1) | Nessus | SuSE Local Security Checks | medium |
138301 | SUSE SLED15 / SLES15 Security Update : mutt (SUSE-SU-2020:1771-1) | Nessus | SuSE Local Security Checks | medium |
137911 | Debian DLA-2268-2 : mutt regression update | Nessus | Debian Local Security Checks | medium |
137790 | FreeBSD : IMAP fcc/postpone machine-in-the-middle attack (5b397852-b1d0-11ea-a11c-4437e6ad11c4) | Nessus | FreeBSD Local Security Checks | medium |
137745 | Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : Mutt vulnerabilities (USN-4401-1) | Nessus | Ubuntu Local Security Checks | medium |
137731 | Debian DSA-4708-1 : neomutt - security update | Nessus | Debian Local Security Checks | medium |
137675 | Debian DSA-4707-1 : mutt - security update | Nessus | Debian Local Security Checks | medium |