CVE-2018-15587

Related Files

Red Hat Security Advisory 2020-1600-01

Posted Apr 28, 2020

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1600-01 - Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was originally developed as a back end for the Evolution information management application, but is now used by various other applications. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof

systems | linux, redhat

advisories | CVE-2018-15587

SHA-256 | 511be00b0f587ba0dc6ea558c1f1fcc3a38fb96912517b7065e66159c2313bba

Download | Favorite | View

Red Hat Security Advisory 2020-1080-01

Posted Mar 31, 2020

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1080-01 - Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Issues addressed include OpenPGP signature spoofing and certificate errors being ignored.

tags | advisory, spoof

systems | linux, redhat

advisories | CVE-2018-15587, CVE-2019-3890

SHA-256 | 49e3527efd122fe2be90beedad548b8464347109c4a2cefa6f77b1a4439a99e4

Download | Favorite | View

Debian Security Advisory 4457-1

Posted Jun 7, 2019

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4457-1 - Hanno Böck discovered that Evolution was vulnerable to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted HTML email. This issue was mitigated by moving the security bar with encryption and signature information above the message headers.

tags | advisory, arbitrary, spoof

systems | linux, debian

advisories | CVE-2018-15587

SHA-256 | d1e5a1c7a2366d3c6b0370c4261519326bbba4cda9ce363ed72eae1ca5b653be

Download | Favorite | View

Ubuntu Security Notice USN-3998-1

Posted May 30, 2019

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3998-1 - Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted.

tags | advisory

systems | linux, ubuntu

advisories | CVE-2018-15587

SHA-256 | a09e5bf9ba77f79e2d94d072ce94f1565e935907c3b4ee8590c752d4ac31390a

Download | Favorite | View

Johnny You Are Fired

Posted May 1, 2019

Authored by Juraj Somorovsky, Jorg Schwenk, Sebastian Schinzel, Damian Poddebniak, Hanno Bock, Jens Muller, Marcus Brinkmann

This archive contains proof of concepts and a whitepaper that describes multiple email client implementations where popular clients for email are vulnerable to signature spoofing attacks.

tags | exploit, paper, spoof, proof of concept

advisories | CVE-2017-17848, CVE-2018-12019, CVE-2018-12020, CVE-2018-12356, CVE-2018-12556, CVE-2018-15586, CVE-2018-15587, CVE-2018-15588, CVE-2018-18509, CVE-2019-8338

SHA-256 | 3356c7f94ef68ddc7268602c64a93e10fbaff874992374b51f89d7cf87f71a0c

Download | Favorite | View