vulnerability
Ubuntu: USN-3134-1 (CVE-2016-0772): Python vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Sep 2, 2016 | Nov 23, 2016 | Mar 27, 2026 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Sep 2, 2016
Added
Nov 23, 2016
Modified
Mar 27, 2026
Description
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
Solutions
ubuntu-upgrade-libpython2-7ubuntu-upgrade-libpython2-7-minimalubuntu-upgrade-libpython2-7-stdlibubuntu-upgrade-libpython3-2ubuntu-upgrade-libpython3-4ubuntu-upgrade-libpython3-4-minimalubuntu-upgrade-libpython3-4-stdlibubuntu-upgrade-libpython3-5ubuntu-upgrade-libpython3-5-minimalubuntu-upgrade-libpython3-5-stdlibubuntu-upgrade-python2-7ubuntu-upgrade-python2-7-minimalubuntu-upgrade-python3-2ubuntu-upgrade-python3-2-minimalubuntu-upgrade-python3-4ubuntu-upgrade-python3-4-minimalubuntu-upgrade-python3-5ubuntu-upgrade-python3-5-minimal
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.