LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4598-1 advisory.

    It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote     attacker could possibly use this issue to perform a response injection attack. (CVE-2020-15953)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for libetpan fixes the following issues :

Update to 1.9.4 (boo#1174579, CVE-2020-15953) :

  - Bugfixes on QUOTA

  - Varios warning fixes & build fixes 

Update to version 1.9.3

  - Added IMAP CLIENTID / SMTP CLIENTID support

  - Use Cyrus SASL 2.1.27

Update to version 1.9.2

  - Support of TLS SNI

  - LMDB for cache DB

  - Fixed build with recent versions of curl

A security flaw was found on libetpan which may allow malicious attacker to inject additional responses or mimic whole sessions. This vulnerability is now assined as CVE-2020-15953. This new rpm should fix this issue.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

In libEtPan, a mail library, a STARTTLS response injection was discovered that affects IMAP, SMTP, and POP3.

For Debian 9 stretch, this problem has been fixed in version 1.6-3+deb9u1.

We recommend that you upgrade your libetpan packages.

For the detailed security status of libetpan please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libetpan

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-202007-55 (libetpan: Improper STARTTLS handling)

    It was discovered that libetpan was not properly handling state within       the STARTTLS protocol handshake.
  Impact :

    There may be a breach of integrity or confidentiality in connections       made using libetpan with STARTTLS.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Severity
141821	Ubuntu 16.04 LTS : LibEtPan vulnerability (USN-4598-1)	Nessus	Ubuntu Local Security Checks	high
140684	openSUSE Security Update : libetpan (openSUSE-2020-1454)	Nessus	SuSE Local Security Checks	high
139678	Fedora 31 : libetpan (2020-44e52ef729)	Nessus	Fedora Local Security Checks	high
139676	Fedora 32 : libetpan (2020-13ae5f7221)	Nessus	Fedora Local Security Checks	high
139627	Debian DLA-2329-1 : libetpan security update	Nessus	Debian Local Security Checks	high
139118	GLSA-202007-55 : libetpan: Improper STARTTLS handling	Nessus	Gentoo Local Security Checks	high

Detections

Analytics

CVE-2020-15953

high

Tenable Plugins

high

high

high

high

high

high