Sign-up

ID

VAR-201003-0205


CVE

CVE-2010-0525


TITLE

Apple Mac OS X of Mail Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2010-001264

DESCRIPTION

Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message. Apple Mac OS X is prone to a security-bypass vulnerability in Mail. Attackers can exploit this issue, likely with a man-in-the-middle attack, to potentially decrypt email messages that were encrypted with unexpectedly weak encryption keys. Other attacks may also be possible. The following are vulnerable: Mac OS X 10.5.8 Mac OS X Server 10.5.8 Mac OS X 10.6 through 10.6.2 Mac OS X Server 10.6 through 10.6.2 NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it. There is a logic error in Mail's handling of encryption certificates. Mail may choose an encryption key that was not intended when there are multiple certificates for the recipient in the keychain. If the key is cryptographically weaker than the expected key, it can cause security issues

Trust: 1.98

sources: NVD: CVE-2010-0525 // JVNDB: JVNDB-2010-001264 // BID: 39279 // VULHUB: VHN-43130

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.5.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.5

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.7

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.6

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.7

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.6.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.8

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.6

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:lteversion:10.6.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.8

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6 to v10.6.2

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.2

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.6.3

Trust: 0.3

sources: BID: 39279 // JVNDB: JVNDB-2010-001264 // CNNVD: CNNVD-201003-487 // NVD: CVE-2010-0525

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0525
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0525
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201003-487
value: MEDIUM

Trust: 0.6

VULHUB: VHN-43130
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0525
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2010-0525
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-43130
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-43130 // JVNDB: JVNDB-2010-001264 // CNNVD: CNNVD-201003-487 // NVD: CVE-2010-0525

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-43130 // JVNDB: JVNDB-2010-001264 // NVD: CVE-2010-0525

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201003-487

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201003-487

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001264

PATCH
title:HT4077url:http://support.apple.com/kb/HT4077
Trust: 0.8
title:HT4077url:http://support.apple.com/kb/HT4077?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-001264

EXTERNAL IDS
db:NVDid:CVE-2010-0525
Trust: 2.8
db:JVNDBid:JVNDB-2010-001264
Trust: 0.8
db:CNNVDid:CNNVD-201003-487
Trust: 0.7
db:NSFOCUSid:14715
Trust: 0.6
db:APPLEid:APPLE-SA-2010-03-29-1
Trust: 0.6
db:BIDid:39279
Trust: 0.4
db:VULHUBid:VHN-43130
Trust: 0.1
sources:
            
            
            VULHUB: VHN-43130 // 
            
            
            
            BID: 39279 // 
            
            
            
            JVNDB: JVNDB-2010-001264 // 
            
            
            
            CNNVD: CNNVD-201003-487 // 
            
            
            
            NVD: CVE-2010-0525

REFERENCES
url:http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html
Trust: 1.7
url:http://support.apple.com/kb/ht4077
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0525
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0525
Trust: 0.8
url:http://www.nsfocus.net/vulndb/14715
Trust: 0.6
url:http://www.apple.com/macosx/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-43130 // 
            
            
            
            BID: 39279 // 
            
            
            
            JVNDB: JVNDB-2010-001264 // 
            
            
            
            CNNVD: CNNVD-201003-487 // 
            
            
            
            NVD: CVE-2010-0525

CREDITS
Michael KisorDamian Put※ pucik@cc-team.org
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201003-487

SOURCES
db:VULHUBid:VHN-43130
db:BIDid:39279
db:JVNDBid:JVNDB-2010-001264
db:CNNVDid:CNNVD-201003-487
db:NVDid:CVE-2010-0525

LAST UPDATE DATE
2025-04-11T22:41:47.949000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-43130date:2010-06-21T00:00:00
db:BIDid:39279date:2010-03-29T00:00:00
db:JVNDBid:JVNDB-2010-001264date:2010-04-15T00:00:00
db:CNNVDid:CNNVD-201003-487date:2010-03-31T00:00:00
db:NVDid:CVE-2010-0525date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-43130date:2010-03-30T00:00:00
db:BIDid:39279date:2010-03-29T00:00:00
db:JVNDBid:JVNDB-2010-001264date:2010-04-15T00:00:00
db:CNNVDid:CNNVD-201003-487date:2010-03-30T00:00:00
db:NVDid:CVE-2010-0525date:2010-03-30T18:30:01.313