CVE-2016-10727: Infoleak
First published: Fri Jul 20 2018(Updated: )
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| GNOME Evolution | <3.21.2 | |
| ubuntu/evolution-data-server | <3.10.4-0ubuntu1.6 | 3.10.4-0ubuntu1.6 |
| ubuntu/evolution-data-server | <3.21.2 | 3.21.2 |
| ubuntu/evolution-data-server | <3.18.5-1ubuntu1.1 | 3.18.5-1ubuntu1.1 |
| debian/evolution-data-server | 3.38.3-1+deb11u2 3.46.4-2 3.53.2-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1334842
- https://github.com/GNOME/evolution-data-server/releases/tag/EVOLUTION_DATA_SERVER_3_21_2
- https://gitlab.gnome.org/GNOME/evolution-data-server/blob/master/NEWS#L1022
- https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67
- https://usn.ubuntu.com/3724-1/
- https://launchpad.net/bugs/cve/CVE-2016-10727
- https://security-tracker.debian.org/tracker/CVE-2016-10727
- https://ubuntu.com/security/notices/USN-3724-1
- https://www.cve.org/CVERecord?id=CVE-2016-10727
- https://nvd.nist.gov/vuln/detail/CVE-2016-10727
- https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f6
- https://ubuntu.com/security/CVE-2016-10727
Frequently Asked Questions
What is CVE-2016-10727?
CVE-2016-10727 is a critical vulnerability in GNOME evolution-data-server that allows remote attackers to obtain sensitive information.
How does CVE-2016-10727 affect evolution-data-server?
CVE-2016-10727 affects evolution-data-server versions before 3.21.2.
What is the severity of CVE-2016-10727?
CVE-2016-10727 has a severity rating of 9.8 (Critical).
How can I fix CVE-2016-10727?
To fix CVE-2016-10727, you should update evolution-data-server to version 3.21.2 or higher.
Where can I find more information about CVE-2016-10727?
You can find more information about CVE-2016-10727 in the references provided: [link 1], [link 2], [link 3].
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/security-tracker-debian
- source/Debian
- agent/remedy
- agent/severity
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- agent/event
- agent/tags
- collector/usn-cve
- source/Ubuntu
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- vendor/gnome
- canonical/gnome evolution
- package-manager/debian
- package-manager/ubuntu