Oval Definition:	oval:com.ubuntu.cosmic:def:2017150420000000
Revision Date: 2017-10-05 Version: 1 Title: CVE-2017-15042 on Ubuntu 18.10 (cosmic) - low. Description: An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password. Family: unix Class: vulnerability Status: Reference(s): CVE-2017-15042 Platform(s): Ubuntu 18.10 Product(s): Definition Synopsis Ubuntu 18.10 (cosmic) is installed. AND Package Information golang-1.7: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR golang-1.8: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR golang-1.9 package in cosmic, is related to the CVE in some way and has been fixed (note: '1.9.4-1ubuntu1').
BACK