CVE-2018-15587

Published: 11/02/2019 Updated: 10/06/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

GNOME Evolution up to and including 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.

Vulnerable Product

gnome evolution

debian debian linux 8.0

Vendor Advisories

Synopsis: Moderate: evolution security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for evolution, evolution-data-server, and evolution-ews is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A ...
Synopsis: Moderate: evolution security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for evolution, evolution-data-server, evolution-ews, and atk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Modera ...
Evolution Data Server would sometimes display email content as encrypted when it was not ...
Debian Bug report logs - #924616. CVE-2018-15587: Signature Spoofing in PGP encrypted email. Package: src:evolution; Maintainer for src:evolution is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Thu, 14 Mar 2019 22:21:02 UTC; Severity: gr ...
Hanno Böck discovered that Evolution was vulnerable to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted HTML email. This issue was mitigated by moving the security bar with encryption and signature information above the message headers. For the stable distribution (stretch), this problem has been fixed in version 3 ...
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment (CVE-2018-15587) ...
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment ...

Mailing Lists

In the scope of academic research at Ruhr-University Bochum and Münster University of Applied Sciences, Germany, various vulnerabilities regarding the signature verification logic in OpenPGP and S/MIME capable email clients have been discovered. While neither OpenPGP nor S/MIME are directly affected, email client implementations show a poor perfo ...
We demonstrate how an attacker can spoof email signatures in 70% of the tested clients, including Thunderbird, Outlook with GpgOL, KMail, Evolution, Trojitá, Apple Mail with GPGTools, Airmail, K-9 Mail, Roundcube and Mailpile. Title: "Johnny, you are fired! – Spoofing OpenPGP and S/MIME Signatures in Emails". To appear at USENIX Security '19. J ...