Bug 1303647 (CVE-2016-0772) - CVE-2016-0772 python: smtplib StartTLS stripping attack
Summary: CVE-2016-0772 python: smtplib StartTLS stripping attack
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-0772
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1346344 1346345 1346346 1346354 1346355 1346356 1346357 1346358 1346359 1346360 1346361 1348973 1351679 1351680 1351681 1351682 1351684
Blocks: 1303701
Reported: 2016-02-01 15:04 UTC by Adam Mariš
Modified: 2019-09-29 13:43 UTC (History)
17 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
It was found that Python's smtplib library did not raise an exception when the TLS layer failed to be established in the SMTP.starttls() function. A man-in-the-middle attacker could strip out the STARTTLS command without triggering an exception in the Python SMTP client application, preventing the establishment of the TLS layer while the client continued the session in plaintext.
Clone Of:
Environment:
Last Closed: 2016-08-18 20:56:15 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:1626 0 normal SHIPPED_LIVE Moderate: python security update 2016-08-18 22:39:32 UTC
Red Hat Product Errata RHSA-2016:1627 0 normal SHIPPED_LIVE Moderate: rh-python35-python security update 2016-08-18 21:57:16 UTC
Red Hat Product Errata RHSA-2016:1628 0 normal SHIPPED_LIVE Moderate: python27-python security update 2016-08-19 00:07:06 UTC
Red Hat Product Errata RHSA-2016:1629 0 normal SHIPPED_LIVE Moderate: python33-python security update 2016-08-19 00:26:12 UTC
Red Hat Product Errata RHSA-2016:1630 0 normal SHIPPED_LIVE Moderate: rh-python34-python security update 2016-08-19 00:25:58 UTC

Description Adam Mariš 2016-02-01 15:04:23 UTC
A vulnerability in smtplib allowing a MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end (SMTP server) is capable of negotiating startTLS but fails to respond with 220 (ok) to an explicit call of SMTP.starttls(). This may allow a malicious MITM to perform a startTLS stripping attack if the client code does not explicitly check the response code for startTLS.
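The failure mode described above, as an added example; this is not code from the report, from CPython or from the patches linked in the comments below. A constructed, in-process SMTP server advertises STARTTLS in its EHLO reply but answers the STARTTLS command with 454 instead of 220, which is what an smtplib client observes when the TLS upgrade is stripped or refused. Two clients then connect to it: one written in the pattern the report warns about (call starttls() and assume that no exception means an encrypted channel), and one that checks the reply code itself so it fails closed on interpreters with or without the fix. Host names, the port allocation and the reply texts are assumptions made for the example.

```python
"""Constructed STARTTLS-refusal scenario for CVE-2016-0772 (added example)."""
import smtplib
import socket
import threading

# Fixed interpreters: SMTP.starttls() raises SMTPResponseException when the
# reply to STARTTLS is not 220.  Unfixed interpreters return the
# (code, message) pair and silently leave the session in plaintext.


def _fake_smtp_server(listener):
    """Serve exactly one SMTP session on the constructed listener, then exit."""
    with listener:
        conn, _ = listener.accept()
    with conn, conn.makefile("rb") as rfile:
        conn.sendall(b"220 mail.example.test ESMTP (constructed test server)\r\n")
        for raw in rfile:
            parts = raw.split()
            verb = parts[0].upper() if parts else b""
            if verb == b"EHLO":
                # Advertise STARTTLS so the client's has_extn("starttls") is true ...
                conn.sendall(b"250-mail.example.test\r\n250-STARTTLS\r\n250 8BITMIME\r\n")
            elif verb == b"STARTTLS":
                # ... but refuse the upgrade.  RFC 3207 defines 454 and 501 as the
                # failure replies; a stripped STARTTLS looks the same to the client.
                conn.sendall(b"454 TLS not available due to temporary reason\r\n")
            elif verb == b"QUIT":
                conn.sendall(b"221 Bye\r\n")
                break
            else:
                conn.sendall(b"250 OK\r\n")


def start_stripping_server():
    """Bind an ephemeral localhost port, serve one session in the background
    and return the port number (assumed helper, not part of smtplib)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    threading.Thread(target=_fake_smtp_server, args=(listener,), daemon=True).start()
    return port


def _connect(host, port):
    # local_hostname is set explicitly so smtplib skips its reverse-DNS lookup.
    return smtplib.SMTP(host, port, local_hostname="client.example.test", timeout=5.0)


def naive_client(host, port):
    """The pattern the report describes: call starttls() and assume that the
    absence of an exception means the channel is now encrypted."""
    with _connect(host, port) as client:
        try:
            client.starttls()
        except smtplib.SMTPResponseException as exc:
            return "starttls() raised (%d): interpreter has the fix" % exc.smtp_code
        # Reached only on an unfixed interpreter: 454 came back, the session is
        # still plaintext, and any credentials or mail sent now would leak.
        return "starttls() returned silently: interpreter lacks the fix"


def checking_client(host, port):
    """Client that verifies the STARTTLS reply code itself and therefore fails
    closed whether or not the interpreter carries the fix."""
    with _connect(host, port) as client:
        client.ehlo()
        if not client.has_extn("starttls"):
            return "aborted: server does not advertise STARTTLS"
        try:
            code, _reply = client.starttls()
        except smtplib.SMTPResponseException as exc:
            code = exc.smtp_code
        if code != 220:
            return "aborted: STARTTLS refused with %d, nothing sent" % code
        # Only past this point is the socket wrapped in TLS.
        return "ok: TLS established, safe to authenticate and send"


if __name__ == "__main__":
    print(naive_client("127.0.0.1", start_stripping_server()))
    print(checking_client("127.0.0.1", start_stripping_server()))
```

Running the block against a current interpreter shows the naive client rescued only by the library fix, while the checking client aborts on its own reply-code test; on an interpreter that predates the fix the naive client reports that it continued in plaintext, which is the defect this bug tracks.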

Comment 7 Cedric Buissart 2016-06-13 11:19:31 UTC
Patch:

Branch 2.7: https://hg.python.org/cpython/rev/b3ce713fb9be
Branch 3.4: https://hg.python.org/cpython/rev/d590114c2394

Comment 9 Cedric Buissart 2016-06-14 15:10:03 UTC
Created python tracking bugs for this issue:

Affects: fedora-all [bug 1346344]

Comment 10 Cedric Buissart 2016-06-14 15:10:09 UTC
Created python26 tracking bugs for this issue:

Affects: epel-5 [bug 1346346]

Comment 11 Cedric Buissart 2016-06-14 15:10:14 UTC
Created python3 tracking bugs for this issue:

Affects: fedora-all [bug 1346345]

Comment 12 Cedric Buissart 2016-06-14 15:14:19 UTC
Unembargoing: flaw and patch are now public

Comment 20 Cedric Buissart 2016-06-22 12:25:35 UTC
Created python34 tracking bugs for this issue:

Affects: epel-7 [bug 1348973]

Comment 21 Fedora Update System 2016-06-23 17:53:42 UTC
python-2.7.11-6.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 22 Fedora Update System 2016-06-24 23:22:20 UTC
python-2.7.11-5.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 23 Miro Hrončok 2016-06-30 12:34:51 UTC
pypy and pypy3 in Fedora are affected as well

Comment 24 Cedric Buissart 2016-06-30 14:46:55 UTC
Created pypy tracking bugs for this issue:

Affects: fedora-all [bug 1351679]

Comment 25 Cedric Buissart 2016-06-30 14:47:08 UTC
Created pypy3 tracking bugs for this issue:

Affects: fedora-all [bug 1351680]

Comment 26 Cedric Buissart 2016-06-30 14:49:45 UTC
Created pypy tracking bugs for this issue:

Affects: epel-5 [bug 1351681]
Affects: epel-6 [bug 1351682]
Affects: epel-7 [bug 1351684]

Comment 27 Fedora Update System 2016-06-30 21:28:53 UTC
python3-3.5.1-9.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 28 Fedora Update System 2016-07-05 04:54:33 UTC
pypy3-2.4.0-6.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 29 Fedora Update System 2016-07-05 04:55:57 UTC
pypy-5.0.1-3.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 30 Fedora Update System 2016-07-05 08:23:48 UTC
pypy-4.0.1-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 31 Fedora Update System 2016-07-05 08:24:37 UTC
python3-3.4.3-9.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 32 Fedora Update System 2016-07-11 23:19:14 UTC
pypy-5.0.1-3.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Comment 33 Fedora Update System 2016-07-12 02:20:34 UTC
pypy3-2.4.0-3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 34 Fedora Update System 2016-07-12 02:22:17 UTC
python-2.7.10-10.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 35 Fedora Update System 2016-07-12 02:22:56 UTC
python3-3.4.2-8.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 36 Fedora Update System 2016-07-12 02:24:29 UTC
pypy3-2.4.0-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 37 Fedora Update System 2016-07-30 18:20:29 UTC
python34-3.4.3-5.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Comment 38 errata-xmlrpc 2016-08-18 18:04:13 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS

Via RHSA-2016:1627 https://rhn.redhat.com/errata/RHSA-2016-1627.html

Comment 39 errata-xmlrpc 2016-08-18 18:39:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2016:1626 https://rhn.redhat.com/errata/RHSA-2016-1626.html

Comment 40 errata-xmlrpc 2016-08-18 20:08:35 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6

Via RHSA-2016:1628 https://rhn.redhat.com/errata/RHSA-2016-1628.html

Comment 41 errata-xmlrpc 2016-08-18 20:29:30 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6

Via RHSA-2016:1630 https://rhn.redhat.com/errata/RHSA-2016-1630.html

Comment 42 errata-xmlrpc 2016-08-18 20:30:48 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6

Via RHSA-2016:1629 https://rhn.redhat.com/errata/RHSA-2016-1629.html

