Bug 1303647 - (CVE-2016-0772) CVE-2016-0772 python: smtplib StartTLS stripping attack
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Platform: All Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
Whiteboard: impact=moderate,public=20160611,repor...
Keywords: Security
Depends On: 1351682 1346344 1346345 1346346 1346354 1346355 1346356 1346357 1346358 1346359 1346360 1346361 1348973 1351679 1351680 1351681 1351684
Blocks: 1303701
Reported: 2016-02-01 10:04 EST by Adam Mariš
Modified: 2016-08-18 16:56 EDT (History)
Doc Type: Bug Fix
Doc Text:
It was found that Python's smtplib library did not raise an exception when a TLS session failed to be established in the SMTP.starttls() function. A man-in-the-middle attacker could strip out the STARTTLS command without triggering an exception in the Python SMTP client application, preventing the establishment of the TLS layer.
Last Closed: 2016-08-18 16:56:15 EDT
Description Adam Mariš 2016-02-01 10:04:23 EST
A vulnerability in smtplib allowing a MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end (SMTP server) is capable of negotiating startTLS but fails to respond with 220 (OK) to an explicit call of SMTP.starttls(). This may allow a malicious MITM to perform a startTLS stripping attack if the client code does not explicitly check the response code for startTLS.
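As an added defensive example for the Doc Text and the description above (not code from the bug report, from the CPython patch, or from any Red Hat package), a Python 3 wrapper that performs the STARTTLS response-code check the description says client code must make explicitly, and exercises it against a constructed stand-in for an unpatched smtplib object behind a stripping MITM; the class and function names are assumptions. On an unpatched interpreter SMTP.starttls() returns the server's reply even when it is not 220, so the wrapper refuses to continue unless the upgrade really happened; on a patched interpreter starttls() already raises and the extra checks are harmless.

```python
import smtplib
import ssl


class StartTLSStripped(smtplib.SMTPException):
    """The TLS upgrade did not complete; the link is still plaintext."""

def check_starttls_reply(code, msg):
    """Accept only the RFC 3207 success reply (220); anything else is a refusal."""
    if code != 220:  # 454 (temporary failure) or 501 are what a MITM injects
        raise StartTLSStripped("STARTTLS refused: %d %r" % (code, msg))
    return code, msg

def require_starttls(smtp, context=None):
    """Upgrade an already-connected smtplib.SMTP to TLS, or raise."""
    if context is None:
        context = ssl.create_default_context()  # verifies cert and hostname
    smtp.ehlo_or_helo_if_needed()
    if not smtp.has_extn("starttls"):
        # The same attacker can drop STARTTLS from the EHLO reply instead.
        raise StartTLSStripped("server did not advertise STARTTLS")
    code, msg = smtp.starttls(context=context)  # patched versions raise here
    check_starttls_reply(code, msg)             # unpatched versions return here
    if not isinstance(smtp.sock, ssl.SSLSocket):
        raise StartTLSStripped("socket was not upgraded to TLS")
    smtp.ehlo()  # re-EHLO over the protected channel before AUTH
    return code, msg

class _StrippingServer:
    """Constructed stand-in for an unpatched SMTP object behind a MITM:
    advertises STARTTLS, answers it with 454 and returns instead of raising."""
    sock = object()  # plain-socket stand-in, never upgraded

    def ehlo_or_helo_if_needed(self):
        pass

    def has_extn(self, name):
        return name.lower() == "starttls"

    def starttls(self, context=None):
        return 454, b"TLS not available due to temporary reason"

def stripping_is_detected():
    """True when require_starttls refuses the constructed stripped session."""
    try:
        require_starttls(_StrippingServer())
    except StartTLSStripped:
        return True
    return False
```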
Comment 7 Cedric Buissart 2016-06-13 07:19:31 EDT
Patch:

Branch 2.7: https://hg.python.org/cpython/rev/b3ce713fb9be
Branch 3.4: https://hg.python.org/cpython/rev/d590114c2394
Comment 9 Cedric Buissart 2016-06-14 11:10:03 EDT
Created python tracking bugs for this issue:

Affects: fedora-all [bug 1346344]
Comment 10 Cedric Buissart 2016-06-14 11:10:09 EDT
Created python26 tracking bugs for this issue:

Affects: epel-5 [bug 1346346]
Comment 11 Cedric Buissart 2016-06-14 11:10:14 EDT
Created python3 tracking bugs for this issue:

Affects: fedora-all [bug 1346345]
Comment 12 Cedric Buissart 2016-06-14 11:14:19 EDT
Unembargoing: flaw and patch are now public.
Comment 20 Cedric Buissart 2016-06-22 08:25:35 EDT
Created python34 tracking bugs for this issue:

Affects: epel-7 [bug 1348973]
Comment 21 Fedora Update System 2016-06-23 13:53:42 EDT
python-2.7.11-6.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 22 Fedora Update System 2016-06-24 19:22:20 EDT
python-2.7.11-5.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 23 Miro Hrončok 2016-06-30 08:34:51 EDT
pypy and pypy3 in Fedora are affected as well.
Comment 24 Cedric Buissart 2016-06-30 10:46:55 EDT
Created pypy tracking bugs for this issue:

Affects: fedora-all [bug 1351679]
Comment 25 Cedric Buissart 2016-06-30 10:47:08 EDT
Created pypy3 tracking bugs for this issue:

Affects: fedora-all [bug 1351680]
Comment 26 Cedric Buissart 2016-06-30 10:49:45 EDT
Created pypy tracking bugs for this issue:

Affects: epel-5 [bug 1351681]
Affects: epel-6 [bug 1351682]
Affects: epel-7 [bug 1351684]
Comment 27 Fedora Update System 2016-06-30 17:28:53 EDT
python3-3.5.1-9.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 28 Fedora Update System 2016-07-05 00:54:33 EDT
pypy3-2.4.0-6.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 29 Fedora Update System 2016-07-05 00:55:57 EDT
pypy-5.0.1-3.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 30 Fedora Update System 2016-07-05 04:23:48 EDT
pypy-4.0.1-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 31 Fedora Update System 2016-07-05 04:24:37 EDT
python3-3.4.3-9.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 32 Fedora Update System 2016-07-11 19:19:14 EDT
pypy-5.0.1-3.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
Comment 33 Fedora Update System 2016-07-11 22:20:34 EDT
pypy3-2.4.0-3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 34 Fedora Update System 2016-07-11 22:22:17 EDT
python-2.7.10-10.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 35 Fedora Update System 2016-07-11 22:22:56 EDT
python3-3.4.2-8.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 36 Fedora Update System 2016-07-11 22:24:29 EDT
pypy3-2.4.0-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 37 Fedora Update System 2016-07-30 14:20:29 EDT
python34-3.4.3-5.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
Comment 38 errata-xmlrpc 2016-08-18 14:04:13 EDT
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS

Via RHSA-2016:1627 https://rhn.redhat.com/errata/RHSA-2016-1627.html
Comment 39 errata-xmlrpc 2016-08-18 14:39:58 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2016:1626 https://rhn.redhat.com/errata/RHSA-2016-1626.html
Comment 40 errata-xmlrpc 2016-08-18 16:08:35 EDT
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6

Via RHSA-2016:1628 https://rhn.redhat.com/errata/RHSA-2016-1628.html
Comment 41 errata-xmlrpc 2016-08-18 16:29:30 EDT
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6

Via RHSA-2016:1630 https://rhn.redhat.com/errata/RHSA-2016-1630.html
Comment 42 errata-xmlrpc 2016-08-18 16:30:48 EDT
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6

Via RHSA-2016:1629 https://rhn.redhat.com/errata/RHSA-2016-1629.html