漏洞信息详情
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mail S/MIME明文存储邮件漏洞
- CNNVD编号:CNNVD-200810-117
- 危害等级: 中危
- CVE编号: CVE-2008-4491
- 漏洞类型: 信息泄露
- 发布时间: 2008-10-08
- 威胁类型: 远程
- 更新时间: 2009-02-10
- 厂 商: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
- 漏洞来源: EnableSecurity※ ne...
漏洞简介
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mail是Mac OS X机器中默认安装的邮件客户端。
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mail支持使用S/MIME作为邮件加密和认证的标准,但在使用IMAP或Exchange服务器时Mail还提供了一个Store draft messages on the server选项。根据标准,使用S/MIME就意味着除了邮件的收件人和发件人没有其他人可以查看加密的邮件,而Store draft messages on the server选项在发送邮件之前以明文存储了邮件,这就可能造成安全误导和信息泄露。
漏洞公告
目前厂商还没有提供此漏洞的相关补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/macosx/features/mail/
参考网址
来源: XF
名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-mail-smime-information-disclosure(45688)
链接:http://xforce.iss.net/xforce/xfdb/45688
来源: SECTRACK
名称: 1021019
链接:http://www.securitytracker.com/id?1021019
来源: BID
名称: 31598
链接:http://www.securityfocus.com/bid/31598
来源: BUGTRAQ
名称: 20081006 [ENABLESECURITY] CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple's Mail.app stores your S/MIME encrypted emails in clear text
链接:http://www.securityfocus.com/archive/1/archive/1/497057/100/0/threaded
来源: SREASON
名称: 4363
链接:http://securityreason.com/securityalert/4363
来源: MISC
链接:http://resources.enablesecurity.com/advisories/CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-mailapp-smime.txt
来源: MISC
链接:http://enablesecurity.com/2008/10/03/CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-mailapp-security-advisory/
受影响实体
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mail:3.5
补丁
暂无
评论