ID CVE-2011-0207
Summary The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network.
References
Vulnerable Configurations
  • Apple Mac OS X 10.6.3
    cpe:2.3:o:apple:mac_os_x:10.6.3
  • Apple Mac OS X 10.6.0
    cpe:2.3:o:apple:mac_os_x:10.6.0
  • Apple Mac OS X 10.6.4
    cpe:2.3:o:apple:mac_os_x:10.6.4
  • Apple Mac OS X 10.6.2
    cpe:2.3:o:apple:mac_os_x:10.6.2
  • Apple Mac OS X 10.6.5
    cpe:2.3:o:apple:mac_os_x:10.6.5
  • Apple Mac OS X 10.6.1
    cpe:2.3:o:apple:mac_os_x:10.6.1
  • Apple Mac OS X 10.6.6
    cpe:2.3:o:apple:mac_os_x:10.6.6
  • Apple Mac OS X 10.6.7
    cpe:2.3:o:apple:mac_os_x:10.6.7
  • Apple Mac OS X Server 10.6.4
    cpe:2.3:o:apple:mac_os_x_server:10.6.4
  • Apple Mac OS X Server 10.6.2
    cpe:2.3:o:apple:mac_os_x_server:10.6.2
  • Apple Mac OS X Server 10.6.3
    cpe:2.3:o:apple:mac_os_x_server:10.6.3
  • Apple Mac OS X Server 10.6.0
    cpe:2.3:o:apple:mac_os_x_server:10.6.0
  • Apple Mac OS X Server 10.6.5
    cpe:2.3:o:apple:mac_os_x_server:10.6.5
  • Apple Mac OS X Server 10.6.1
    cpe:2.3:o:apple:mac_os_x_server:10.6.1
  • Apple Mac OS X Server 10.6.6
    cpe:2.3:o:apple:mac_os_x_server:10.6.6
  • Apple Mac OS X Server 10.6.7
    cpe:2.3:o:apple:mac_os_x_server:10.6.7
CVSS
Base: 5.0 (as of 27-06-2011 - 09:58)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector   Complexity  Authentication
NETWORK  LOW         NONE
Impact
Confidentiality  Integrity  Availability
PARTIAL          NONE       NONE
nessus via4
NASL family MacOS X Local Security Checks
NASL id MACOSX_10_6_8.NASL
description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.8. This update contains security-related fixes for the following components:
  • App Store
  • ATS
  • Certificate Trust Policy
  • CoreFoundation
  • CoreGraphics
  • FTP Server
  • ImageIO
  • International Components for Unicode
  • Kernel
  • Libsystem
  • libxslt
  • MobileMe
  • MySQL
  • OpenSSL
  • patch
  • QuickLook
  • QuickTime
  • Samba
  • servermgrd
  • subversion
last seen 2019-02-21
modified 2018-08-22
plugin id 55416
published 2011-06-24
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=55416
title Mac OS X 10.6.x < 10.6.8 Multiple Vulnerabilities
refmap via4
apple APPLE-SA-2011-06-23-1
bid 48444
confirm http://support.apple.com/kb/HT4723
Last major update 26-10-2011 - 23:21
Published 24-06-2011 - 16:55