Vulnerabilities in S/MIME specification can be abused by so-called CBC gadget attacks to exfiltrate the plaintext from encrypted email. Attacker having access to encrypted emails of a victim can modify them to inject an image tag into them and create a single encrypted body part that exfiltrates its own plaintext when the victim opens the attacker email. External References: https://efail.de/
Created evolution tracking bugs for this issue: Affects: fedora-all [bug 1577910] Created kmail tracking bugs for this issue: Affects: fedora-all [bug 1577911] Created thunderbird tracking bugs for this issue: Affects: fedora-all [bug 1577914] Created thunderbird-enigmail tracking bugs for this issue: Affects: epel-7 [bug 1577917] Affects: fedora-all [bug 1577912] Created trojita tracking bugs for this issue: Affects: epel-7 [bug 1577915] Affects: fedora-all [bug 1577913]
Apparently, Mozilla Thunderbird addressed this in 52.8 using their own CVE-2018-5184 (bug 1580236): https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5184 Mozilla upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1411592 remains non-public, but it's the same id as is listed on the efail.de page. Mozilla advisory also acknowledges authors of the efail.de paper as original reporters.
There are actually multiple related CVEs in the MFSA 2018-13 advisory: CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext attack https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5184 CVE-2018-5162: Encrypted mail leaks plaintext through src attribute https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5162 CVE-2018-5185: Leaking plaintext through HTML forms https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5185
(In reply to Tomas Hoger from comment #4) > CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext attack > https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5184 https://hg.mozilla.org/releases/comm-esr52/rev/886b0e10bafa > CVE-2018-5162: Encrypted mail leaks plaintext through src attribute > https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5162 https://hg.mozilla.org/releases/comm-esr52/rev/eec7161f761f reverted later, the log: https://hg.mozilla.org/releases/comm-esr52/log?rev=1457721 > CVE-2018-5185: Leaking plaintext through HTML forms > https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5185 https://hg.mozilla.org/releases/comm-esr52/rev/2ebcd2081d70 Nothing from the above touches NSS, thus not usable for evolution-data-server. They also make sure that the data won't leak through HTTP channels, which is not a problem in evolution-data-server.
Mitigation: The easiest way to mitigate this vulnerability is not to use HTML emails. If you really need to use them ensure that MUA clients disable external links embedded in HTML emails. For example in thunderbird email client, Edit->Preferences->Privacy->Disable "Allow remote content in messages".
This issue was address in the version of Mozilla thunderbird shipped with Red Hat Enterprise Linux 6 and 7 via security advisories RHSA-2018:1725 and RHSA-2018:1726 respectively.
CVE-2018-5162 was this particular attack in Thunderbird, and it was resolved in 52.8. In reply to comment 5: > (In reply to Tomas Hoger from comment #4) > > CVE-2018-5162: Encrypted mail leaks plaintext through src attribute > > https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5162 > > https://hg.mozilla.org/releases/comm-esr52/rev/eec7161f761f > > reverted later, the log: > https://hg.mozilla.org/releases/comm-esr52/log?rev=1457721 Replaced with: https://hg.mozilla.org/releases/comm-esr52/rev/6eca16d60d90
Statement: The research paper talks about use of HTML as a back channel to create an oracle for modified encrypted emails. HTML emails which use external links like "<img href="tla.org/TAG"/>" can cause security issues if they are honored by the MUAs. Due to flaws in MIME parsers many MUAs seem to concatenate decrypted HTML mine parts which makes it easy to plan such snippets in HTML emails. Please refer to https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html about how GnuPG can mitigate this flaw. For Thunderbird, this vulnerability was known as CVE-2018-5162 and resolved in 52.8.
Note: Further investigation suggests that evolution-data-server package may not be affected by this flaw as per: https://bugzilla.redhat.com/show_bug.cgi?id=1577910#c3