Vulnerability Name:

CVE-2020-14928 (CCN-185696)

Assigned:2020-07-04
Published:2020-07-04
Updated:2020-08-14
Summary:evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
CVSS v3 Severity:5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:C/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): None
Vulnerability Type:CWE-74
CWE-20
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2020-14928

Source: CCN
Type: Bugzilla - Bug 1173910
(CVE-2020-14928) VUL-0: CVE-2020-14928: evolution-data-server: Response Injection via STARTTLS in SMTP and POP3

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1173910

Source: XF
Type: UNKNOWN
eds-cve202014928-sec-bypass(185696)

Source: CONFIRM
Type: Patch, Third Party Advisory
https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df

Source: CCN
Type: evolution-data-server GIT Repository
I#226 - CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3

Source: CONFIRM
Type: Patch, Third Party Advisory
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac

Source: MISC
Type: Exploit, Third Party Advisory
https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226

Source: CONFIRM
Type: Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-45041afb19

Source: CONFIRM
Type: Third Party Advisory
https://security-tracker.debian.org/tracker/DLA-2281-1

Source: CONFIRM
Type: Third Party Advisory
https://security-tracker.debian.org/tracker/DSA-4725-1

Source: UBUNTU
Type: Third Party Advisory
USN-4429-1

Source: DEBIAN
Type: Third Party Advisory
DSA-4725

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnome:evolution-data-server:*:*:*:*:*:*:*:* (Version <= 3.36.3)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:gnome:evolution-data-server:3.36.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:656
    P
    		Security update for protobuf (Moderate) (in QA)
    2022-10-06
    oval:org.opensuse.security:def:3555
    P
    		libXdmcp6-1.1.1-12.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95185
    P
    		evolution-data-server-3.42.4-150400.1.7 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:5992
    P
    		Security update for zlib (Important)
    2022-03-29
    oval:org.opensuse.security:def:102253
    P
    		Security update for cyrus-sasl (Important)
    2022-03-07
    oval:org.opensuse.security:def:102250
    P
    		Security update for python-Twisted (Important)
    2022-02-18
    oval:org.opensuse.security:def:112203
    P
    		evolution-data-server-3.40.4-1.4 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:105734
    P
    		evolution-data-server-3.40.4-1.4 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:2379
    P
    		evolution-data-server-3.34.4-3.3.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63468
    P
    		evolution-data-server-3.34.4-3.3.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:5989
    P
    		Security update for zabbix (Moderate)
    2021-03-30
    oval:org.opensuse.security:def:111294
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-27
    oval:org.opensuse.security:def:67078
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-24
    oval:org.opensuse.security:def:108919
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-24
    oval:org.opensuse.security:def:95540
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-24
    oval:org.opensuse.security:def:119815
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-24
    oval:org.opensuse.security:def:103009
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-24
    oval:org.opensuse.security:def:67081
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-24
    oval:org.opensuse.security:def:10675
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-24
    oval:org.opensuse.security:def:109675
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-24
    oval:org.opensuse.security:def:97342
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-24
    oval:org.opensuse.security:def:96337
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-24
    oval:org.opensuse.security:def:70815
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-24
    oval:org.opensuse.security:def:76146
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-24
    oval:org.opensuse.security:def:97345
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-24
    oval:org.opensuse.security:def:108916
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-24
    oval:org.opensuse.security:def:95537
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-24
    oval:org.opensuse.security:def:76149
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-24
    oval:org.opensuse.security:def:61114
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-19
    oval:org.opensuse.security:def:35292
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-19
    oval:org.opensuse.security:def:5200
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-19
    oval:org.opensuse.security:def:61115
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-19
    oval:org.opensuse.security:def:26213
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-19
    oval:org.opensuse.security:def:6321
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-19
    oval:org.opensuse.security:def:35291
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-19
    oval:org.opensuse.security:def:6322
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-19
    oval:com.redhat.rhsa:def:20204649
    P
    		RHSA-2020:4649: evolution security and bug fix update (Low)
    2020-11-04
    BACK
    gnome evolution-data-server *
    debian debian linux 9.0
    debian debian linux 10.0
    fedoraproject fedora 31
    canonical ubuntu linux 16.04
    canonical ubuntu linux 18.04
    canonical ubuntu linux 20.04
    gnome evolution-data-server 3.36.3