ID

VAR-200810-0255


CVE

CVE-2008-4491


TITLE

Apple Mail.app Vulnerability That Allows Sensitive Emails to Be Read

Trust: 0.8

sources: JVNDB: JVNDB-2008-003520

DESCRIPTION

Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. Apple Mail is prone to a weakness in its implementation of S/MIME encryption. An attacker with access to an IMAP or Exchange email server may be able to take advantage of this issue to obtain sensitive information. Mail 3.5 (929.4/929.2) is vulnerable; other versions may also be affected. Apple Mail is the mail client installed by default on Mac OS X machines. According to the standard, using S/MIME means that no one except the sender and the recipient can view the encrypted mail. The "Store draft messages on the server" option, however, stores the mail in plaintext before it is sent, which can mislead users about the security of their mail and cause information leakage.

Trust: 1.98

sources: NVD: CVE-2008-4491 // JVNDB: JVNDB-2008-003520 // BID: 31598 // VULHUB: VHN-34616

AFFECTED PRODUCTS

vendor: apple, model: mail, scope: eq, version: 3.5

Trust: 2.4

vendor: apple, model: mac os x, scope: -, version: -

Trust: 0.8

vendor: apple, model: mail, scope: eq, version: 3.5(929.4/929.2)

Trust: 0.3

vendor: apple, model: mail, scope: -, version: -

Trust: 0.3

sources: BID: 31598 // JVNDB: JVNDB-2008-003520 // CNNVD: CNNVD-200810-117 // NVD: CVE-2008-4491

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-4491
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-4491
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200810-117
value: MEDIUM

Trust: 0.6

VULHUB: VHN-34616
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-4491
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-34616
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-34616 // JVNDB: JVNDB-2008-003520 // CNNVD: CNNVD-200810-117 // NVD: CVE-2008-4491

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-34616 // JVNDB: JVNDB-2008-003520 // NVD: CVE-2008-4491

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200810-117

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200810-117

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-003520

PATCH

title: Top Page, url: http://www.apple.com/macosx/

Trust: 0.8

sources: JVNDB: JVNDB-2008-003520

EXTERNAL IDS

db: NVD, id: CVE-2008-4491

Trust: 2.8

db: BID, id: 31598

Trust: 2.0

db: SECTRACK, id: 1021019

Trust: 1.7

db: SREASON, id: 4363

Trust: 1.7

db: JVNDB, id: JVNDB-2008-003520

Trust: 0.8

db: BUGTRAQ, id: 20081006 [ENABLESECURITY] APPLE'S MAIL.APP STORES YOUR S/MIME ENCRYPTED EMAILS IN CLEAR TEXT

Trust: 0.6

db: XF, id: 45688

Trust: 0.6

db: CNNVD, id: CNNVD-200810-117

Trust: 0.6

db: VULHUB, id: VHN-34616

Trust: 0.1

sources: VULHUB: VHN-34616 // BID: 31598 // JVNDB: JVNDB-2008-003520 // CNNVD: CNNVD-200810-117 // NVD: CVE-2008-4491

REFERENCES

url:http://www.securityfocus.com/bid/31598

Trust: 1.7

url:http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/

Trust: 1.7

url:http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt

Trust: 1.7

url:http://www.securitytracker.com/id?1021019

Trust: 1.7

url:http://securityreason.com/securityalert/4363

Trust: 1.7

url:http://www.securityfocus.com/archive/1/497057/100/0/threaded

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/45688

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4491

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4491

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/45688

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/497057/100/0/threaded

Trust: 0.6

url:http://www.apple.com/macosx/features/mail/

Trust: 0.3

url:/archive/1/497057

Trust: 0.3

sources: VULHUB: VHN-34616 // BID: 31598 // JVNDB: JVNDB-2008-003520 // CNNVD: CNNVD-200810-117 // NVD: CVE-2008-4491

CREDITS

EnableSecurity, newsletter@enablesecurity.com

Trust: 0.6

sources: CNNVD: CNNVD-200810-117

SOURCES

db: VULHUB, id: VHN-34616
db: BID, id: 31598
db: JVNDB, id: JVNDB-2008-003520
db: CNNVD, id: CNNVD-200810-117
db: NVD, id: CVE-2008-4491

LAST UPDATE DATE

2024-11-23T22:50:04.832000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-34616, date: 2018-10-11T00:00:00
db: BID, id: 31598, date: 2015-05-07T17:22:00
db: JVNDB, id: JVNDB-2008-003520, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200810-117, date: 2009-02-10T00:00:00
db: NVD, id: CVE-2008-4491, date: 2024-11-21T00:51:48.487

SOURCES RELEASE DATE

db: VULHUB, id: VHN-34616, date: 2008-10-08T00:00:00
db: BID, id: 31598, date: 2008-10-06T00:00:00
db: JVNDB, id: JVNDB-2008-003520, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200810-117, date: 2008-10-08T00:00:00
db: NVD, id: CVE-2008-4491, date: 2008-10-08T18:00:03.503