Bug 1093151 - (CVE-2017-17688) VUL-0: CVE-2017-17688: evolution,mutt,claws-mail,trojita,kmail: CFB gadget attacks allows to exfiltrate plaintext out of encrypted emails (EFAIL)
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assigned To: E-mail List
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/205750/
Whiteboard: CVSSv3:SUSE:CVE-2017-17688:5.9:(AV:N...
Depends on: CVE-2018-5162 CVE-2018-5185
Reported: 2018-05-14 14:32 UTC by Johannes Segitz
Modified: 2021-04-30 09:43 UTC (History)
Found By: Security Response Team
Description Johannes Segitz 2018-05-14 14:32:32 UTC
rh#1577906

Vulnerabilities in the OpenPGP specification can be abused by so-called CFB gadget attacks to exfiltrate the plaintext from encrypted email. An attacker having access to encrypted emails of a victim can modify them to inject an image tag into them and create a single encrypted body part that exfiltrates its own plaintext when the victim opens the attacker's email.

More details in https://efail.de/, full details in the paper:
https://efail.de/efail-attack-paper.pdf

Assigning to bnc-team-gnome for evolution. All the other maintainers (or last major contributors) are CC'd.

I'm still reading the paper myself, but according to page 20 all those packages are affected one way or another.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1577906
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17688
Comment 1 Dr. Werner Fink 2018-05-14 14:39:39 UTC
AFAIU the scenario requires HTML mail bodies.
Comment 3 Swamp Workflow Management 2018-05-16 16:00:27 UTC
This is an autogenerated message for OBS integration:
This bug (1093151) was mentioned in
https://build.opensuse.org/request/show/609845 15.0+42.3+Backports:SLE-12 / enigmail
Comment 5 Swamp Workflow Management 2018-05-17 16:07:22 UTC
openSUSE-SU-2018:1329-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1093151,1093152
CVE References: CVE-2017-17688,CVE-2017-17689
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    enigmail-2.0.4-9.1
Comment 6 Swamp Workflow Management 2018-05-17 16:07:54 UTC
openSUSE-SU-2018:1330-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1093151,1093152
CVE References: CVE-2017-17688,CVE-2017-17689
Sources used:
openSUSE Leap 42.3 (src):    enigmail-2.0.4-12.1
Comment 7 Swamp Workflow Management 2018-05-19 19:07:33 UTC
openSUSE-SU-2018:1347-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1093151,1093152
CVE References: CVE-2017-17688,CVE-2017-17689
Sources used:
openSUSE Leap 15.0 (src):    enigmail-2.0.4-lp150.2.3.1
Comment 8 Swamp Workflow Management 2018-05-22 06:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1093151) was mentioned in
https://build.opensuse.org/request/show/611143 15.0+42.3+Backports:SLE-12 / enigmail
Comment 9 Johannes Segitz 2018-05-22 06:49:53 UTC
MozillaThunderbird has own CVEs, removed this package here.

Statement from Kevin J. McCarthy regarding mutt:

I've received a few questions about EFAIL and whether this release has
any related changes, so I hope you'll forgive me for sending a second
mutt-announce email today.

For those unaware, https://efail.de/ disclosed an attack on OpenPGP and
S/MIME emails this past week.  The researchers reported mutt-1.7.2 was
not successfully attacked.

So, the short answer is no, mutt-1.10.0 has no changes made as a result
of EFAIL, and the pgp/smime configuration variable changes in this
release are unrelated.

I am neither a security researcher nor a cryptographer, but here are my
current takeaways and suggestions:

* If you are using a version of mutt before 1.6.0 and rely on OpenPGP
  encryption, please upgrade.  1.6.0 introduced $pgp_decryption_okay,
  which scans the GnuPGP status output for a successful decryption code.

* Please make sure you update your config to the values suggested
  in contrib/gpg.rc (again, in particular $pgp_decryption_okay).

* Opening a decrypted email in an external browser should be considered
  unsafe.  Part of the attack was due to HTML injection.

* I don't believe autoviewing dumped HTML via lynx, elinks, etc is an
  issue.  However, the researchers did not specifically test that.

Since this only covers GnuPG I'll still leave mutt in here for S/MIME
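The $pgp_decryption_okay mechanism described in the mutt statement above, as an added example (not mutt's code and not from the bug report): a check over GnuPG --status-fd output using the regex that contrib/gpg.rc sets, plus a stricter GOODMDC requirement that is this example's own addition. The status transcripts are constructed, abbreviated samples, not captured output.

```python
import re

# Regex that mutt's contrib/gpg.rc assigns to $pgp_decryption_okay (mutt >= 1.6.0);
# mutt discards the decrypted output unless some status line matches it.
DECRYPTION_OKAY_RE = re.compile(r"^\[GNUPG:\] DECRYPTION_OKAY")
# Stricter check added by this example (not part of mutt): also require GOODMDC,
# i.e. GnuPG verified the modification detection code of an SEIP packet.
GOODMDC_RE = re.compile(r"^\[GNUPG:\] GOODMDC")

# Constructed, abbreviated --status-fd transcripts (not from a real GnuPG run).
STATUS_OK = """\
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 9
[GNUPG:] PLAINTEXT 62 1526300000 msg.txt
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION
"""
# A CFB-modified message: the MDC check fails, so no DECRYPTION_OKAY is emitted.
STATUS_TAMPERED = """\
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 9
[GNUPG:] PLAINTEXT 62 1526300000 msg.txt
[GNUPG:] BADMDC
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""
# Legacy packet without MDC (mdc_method 0): older GnuPG decrypts it with only a
# warning, so mutt's regex alone would pass it; the GOODMDC check does not.
STATUS_NO_MDC = """\
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 0 9
[GNUPG:] PLAINTEXT 62 1526300000 msg.txt
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION
"""

def decryption_okay(status_output):
    """mutt's $pgp_decryption_okay check: some status line matches the regex."""
    return any(DECRYPTION_OKAY_RE.search(l) for l in status_output.splitlines())

def mdc_verified(status_output):
    """This example's stricter check: GnuPG reported a verified MDC."""
    return any(GOODMDC_RE.search(l) for l in status_output.splitlines())

def verdict(status_output):
    """Decide whether the decrypted body may be handed to the viewer at all."""
    if not decryption_okay(status_output):
        return "reject: decryption not confirmed"
    if not mdc_verified(status_output):
        return "reject: no integrity protection"
    return "display"
```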
Comment 10 Swamp Workflow Management 2018-05-23 19:22:23 UTC
openSUSE-SU-2018:1392-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1093151,1093152
CVE References: CVE-2017-17688,CVE-2017-17689
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    enigmail-2.0.5-12.1
Comment 11 Swamp Workflow Management 2018-05-23 19:23:19 UTC
openSUSE-SU-2018:1393-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1093151,1093152
CVE References: CVE-2017-17688,CVE-2017-17689
Sources used:
openSUSE Leap 42.3 (src):    enigmail-2.0.5-15.1
openSUSE Leap 15.0 (src):    enigmail-2.0.5-lp150.2.6.1
Comment 13 Dr. Werner Fink 2018-05-28 12:01:36 UTC
(In reply to Johannes Segitz from comment #9)
>
> So, the short answer is no, mutt-1.10.0 has no changes made as a result
> of EFAIL, and the pgp/smime configuration variable changes in this
> release are unrelated.
> 
> I am neither a security researcher nor a cryptographer, but here are my
> current takeaways and suggestions:
> 
> * If you are using a version of mutt before 1.6.0 and rely on OpenPGP
>   encryption, please upgrade.  1.6.0 introduced $pgp_decryption_okay,
>   which scans the GnuPGP status output for a successful decryption code.

SLES-12 is on mutt-1.6.0 whereas SLES-11 is on mutt-1.5.17 ... do we need an update on SLES-11 (LTS)?

> 
> * Please make sure you update your config to the values suggested
>   in contrib/gpg.rc (again, in particular $pgp_decryption_okay).

That makes it complicated, as this is a user file and an installation due to an update of the mutt package does not overwrite this file.

> * Opening a decrypted email in an external browser should be considered
>   unsafe.  Part of the attack was due to HTML injection.

That you have to enforce by using urlview/urlscan which, btw., only expands particular URLs from within the message and never the full message. If a user uses w3m then he is always on his own.

> * I don't believe autoviewing dumped HTML via lynx, elinks, etc is an
>   issue.  However, the researchers did not specifically test that.

Hmmm ... lynx or w3m does not matter, both do the same work

> 
> Since this only covers GnuPG I'll still leave mutt in here for S/MIME

What does that mean here?  AFAIHU this is a main problem of the protocol itself.
Btw. did they test the mutt usage with

   set crypt_use_gpgme=yes

instead of gpg.rc (aka `source ~/.gpg.rc' in ~/.muttrc)
Comment 14 Johannes Segitz 2018-05-30 12:03:15 UTC
(In reply to Dr. Werner Fink from comment #13)
>> So, the short answer is no, mutt-1.10.0 has no changes made as a result
>> of EFAIL, and the pgp/smime configuration variable changes in this
>> release are unrelated.
>>
>> I am neither a security researcher nor a cryptographer, but here are my
>> current takeaways and suggestions:
>>
>> * If you are using a version of mutt before 1.6.0 and rely on OpenPGP
>>   encryption, please upgrade.  1.6.0 introduced $pgp_decryption_okay,
>>   which scans the GnuPGP status output for a successful decryption code.
>
>SLES-12 is on mutt-1.6.0 whereas SLES-11 is on mutt-1.5.17 ... do we need an update on SLES-11 (LTS)

We have it regularly maintained in SLE-SERVER_11-SP4, so yes.

>> * Please make sure you update your config to the values suggested
>>   in contrib/gpg.rc (again, in particular $pgp_decryption_okay).
>
>That makes it complicated as this is a user file and an installation due an update of the mutt package does not overwrite this file

We can mention it in the patchinfo to inform the user that he has to change
this. But we should still change the setting we deliver for new installations

>> Since this only covers GnuPG I'll still leave mutt in here for S/MIME
>
>Does mean what here?  AFAIHU this is a main problem of the protocol its self.

yes, but we still might see mitigations in the client

>Btw. Do they have tested the mutt uses with
>
>   set crypt_use_gpgme=yes
>
>instead of gpg.rc (aka `source ~/.gpg.rc' in ~/.muttrc)

no