Details of VAR-201202-0146

ID

VAR-201202-0146

CVE

CVE-2011-3444

TITLE

Apple Mac OS X of Address Book In CardDAV Data read vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2012-001280

DESCRIPTION

Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network. Apple Mac OS X is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may lead to further attacks. NOTE: This issue was previously discussed in BID 51798 (Apple Mac OS X Prior to 10.7.3 Multiple Security Vulnerabilities) but has been given its own record to better document it

Trust: 1.98

sources: NVD: CVE-2011-3444 // JVNDB: JVNDB-2012-001280 // BID: 51810 // VULHUB: VHN-51389

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x server	scope:	eq	version:	10.7.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.7.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.7.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.7.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	lte	version:	10.7.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	lte	version:	10.7.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.7 to v10.7.2	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.7 to v10.7.2	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.7.2	Trust: 0.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.7.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.7.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.7.3	Trust: 0.3

sources: BID: 51810 // JVNDB: JVNDB-2012-001280 // CNNVD: CNNVD-201202-070 // NVD: CVE-2011-3444

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-3444
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-3444
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201202-070
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-51389
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-3444
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-51389
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-51389 // JVNDB: JVNDB-2012-001280 // CNNVD: CNNVD-201202-070 // NVD: CVE-2011-3444

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-51389 // JVNDB: JVNDB-2012-001280 // NVD: CVE-2011-3444

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-070

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201202-070

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001280

PATCH

title:

HT5130

url:

http://support.apple.com/kb/HT5130

Trust: 0.8

sources: JVNDB: JVNDB-2012-001280

EXTERNAL IDS

db:	NVD	id:	CVE-2011-3444	Trust: 2.8
db:	JVNDB	id:	JVNDB-2012-001280	Trust: 0.8
db:	CNNVD	id:	CNNVD-201202-070	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2012-02-01-1	Trust: 0.6
db:	BID	id:	51810	Trust: 0.4
db:	VULHUB	id:	VHN-51389	Trust: 0.1

sources: VULHUB: VHN-51389 // BID: 51810 // JVNDB: JVNDB-2012-001280 // CNNVD: CNNVD-201202-070 // NVD: CVE-2011-3444

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/feb/msg00000.html	Trust: 1.7
url:	http://support.apple.com/kb/ht5130	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3444	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu382755	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3444	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-51389 // BID: 51810 // JVNDB: JVNDB-2012-001280 // CNNVD: CNNVD-201202-070 // NVD: CVE-2011-3444

CREDITS

Bernard Desruisseaux of Oracle Corporation.

Trust: 0.3

sources: BID: 51810

SOURCES

db:	VULHUB	id:	VHN-51389
db:	BID	id:	51810
db:	JVNDB	id:	JVNDB-2012-001280
db:	CNNVD	id:	CNNVD-201202-070
db:	NVD	id:	CVE-2011-3444

LAST UPDATE DATE

2025-04-11T21:08:08.324000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-51389	date:	2012-02-06T00:00:00
db:	BID	id:	51810	date:	2012-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2012-001280	date:	2012-02-06T00:00:00
db:	CNNVD	id:	CNNVD-201202-070	date:	2012-02-06T00:00:00
db:	NVD	id:	CVE-2011-3444	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-51389	date:	2012-02-02T00:00:00
db:	BID	id:	51810	date:	2012-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2012-001280	date:	2012-02-06T00:00:00
db:	CNNVD	id:	CNNVD-201202-070	date:	2012-02-06T00:00:00
db:	NVD	id:	CVE-2011-3444	date:	2012-02-02T18:55:01.037