Details of VAR-201712-0269

ID

VAR-201712-0269

CVE

CVE-2017-13871

TITLE

Apple macOS of Mail Vulnerability in components to read e-mail content in plain text

Trust: 0.8

sources: JVNDB: JVNDB-2017-011446

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the recipient. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan are now available and address the following: apache Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Processing a maliciously crafted Apache configuration directive may result in the disclosure of process memory Description: Multiple issues were addressed by updating to version 2.4.28. CVE-2017-9798 curl Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Malicious FTP servers may be able to cause the client to read out-of-bounds memory Description: An out-of-bounds read issue existed in the FTP PWD response parsing. This issue was addressed with improved bounds checking. CVE-2017-1000254: Max Dymond Directory Utility Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1 Not impacted: macOS Sierra 10.12.6 and earlier Impact: An attacker may be able to bypass administrator authentication without supplying the administrator's password Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation. CVE-2017-13872 Intel Graphics Driver Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13883: an anonymous researcher Intel Graphics Driver Available for: macOS High Sierra 10.13.1 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2017-13878: Ian Beer of Google Project Zero Intel Graphics Driver Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with system privileges Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2017-13875: Ian Beer of Google Project Zero IOAcceleratorFamily Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift) of SoftSec, KAIST (softsec.kaist.ac.kr) IOKit Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with system privileges Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation. CVE-2017-13848: Alex Plaskett of MWR InfoSecurity CVE-2017-13858: an anonymous researcher IOKit Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues were addressed through improved state management. CVE-2017-13847: Ian Beer of Google Project Zero Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13862: Apple Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2017-13833: Brandon Azad Kernel Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13876: Ian Beer of Google Project Zero Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: A type confusion issue was addressed with improved memory handling. CVE-2017-13855: Jann Horn of Google Project Zero Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13867: Ian Beer of Google Project Zero Kernel Available for: macOS High Sierra 10.13.1 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13865: Ian Beer of Google Project Zero Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13868: Brandon Azad CVE-2017-13869: Jann Horn of Google Project Zero Mail Available for: macOS High Sierra 10.13.1 Impact: A S/MIME encrypted email may be inadvertently sent unencrypted if the receiver's S/MIME certificate is not installed Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-13871: an anonymous researcher Mail Drafts Available for: macOS High Sierra 10.13.1 Impact: An attacker with a privileged network position may be able to intercept mail Description: An encryption issue existed with S/MIME credetials. The issue was addressed with additional checks and user control. CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH OpenSSL Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read issue existed in X.509 IPAddressFamily parsing. This issue was addressed with improved bounds checking. CVE-2017-3735: found by OSS-Fuzz Screen Sharing Server Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6 Impact: A user with screen sharing access may be able to access any file readable by root Description: A permissions issue existed in the handling of screen sharing sessions. This issue was addressed with improved permissions handling. CVE-2017-13826: Trevor Jacques of Toronto Installation note: macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7 Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp 4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj 5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+ ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs= =2VBd -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2017-13871 // JVNDB: JVNDB-2017-011446 // BID: 102099 // VULHUB: VHN-104537 // PACKETSTORM: 145270

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.1	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.4	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.4	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.0	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.6	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.2	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.2	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.3	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.5	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.3	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.4	Trust: 0.6
vendor:	apple	model:	macos	scope:	eq	version:	10.13.1	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.13	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.6	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.13.2	Trust: 0.3

sources: BID: 102099 // JVNDB: JVNDB-2017-011446 // CNNVD: CNNVD-201712-903 // NVD: CVE-2017-13871

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-13871
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-13871
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201712-903
value:	HIGH
Trust: 0.6
VULHUB:	VHN-104537
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-13871
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-104537
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-13871
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-104537 // JVNDB: JVNDB-2017-011446 // CNNVD: CNNVD-201712-903 // NVD: CVE-2017-13871

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-200	Trust: 0.9
problemtype:	CWE-371	Trust: 0.9

sources: VULHUB: VHN-104537 // JVNDB: JVNDB-2017-011446 // NVD: CVE-2017-13871

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-903

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201712-903

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011446

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT208331	url:	https://support.apple.com/en-us/HT208331	Trust: 0.8
title:	HT208331	url:	https://support.apple.com/ja-jp/HT208331	Trust: 0.8
title:	Apple macOS High Sierra Mail Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77332	Trust: 0.6

sources: JVNDB: JVNDB-2017-011446 // CNNVD: CNNVD-201712-903

EXTERNAL IDS

db:	NVD	id:	CVE-2017-13871	Trust: 2.9
db:	BID	id:	102099	Trust: 2.0
db:	SECTRACK	id:	1039966	Trust: 1.7
db:	JVN	id:	JVNVU98418454	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-011446	Trust: 0.8
db:	CNNVD	id:	CNNVD-201712-903	Trust: 0.7
db:	VULHUB	id:	VHN-104537	Trust: 0.1
db:	PACKETSTORM	id:	145270	Trust: 0.1

sources: VULHUB: VHN-104537 // BID: 102099 // JVNDB: JVNDB-2017-011446 // PACKETSTORM: 145270 // CNNVD: CNNVD-201712-903 // NVD: CVE-2017-13871

REFERENCES

url:	http://www.securityfocus.com/bid/102099	Trust: 1.7
url:	https://support.apple.com/ht208331	Trust: 1.7
url:	http://www.securitytracker.com/id/1039966	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13871	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13871	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98418454/index.html	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	https://support.apple.com/en-in/ht208331	Trust: 0.3
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3735	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13860	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13869	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13875	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13878	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13867	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13855	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13858	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13868	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13872	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13826	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9798	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13844	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13848	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13865	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13833	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-1000254	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13847	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13862	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13883	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13876	Trust: 0.1

sources: VULHUB: VHN-104537 // BID: 102099 // JVNDB: JVNDB-2017-011446 // PACKETSTORM: 145270 // CNNVD: CNNVD-201712-903 // NVD: CVE-2017-13871

CREDITS

Ian Beer of Google Project Zero, HyungSeok Han, and anonymous researcher.

Trust: 0.3

sources: BID: 102099

SOURCES

db:	VULHUB	id:	VHN-104537
db:	BID	id:	102099
db:	JVNDB	id:	JVNDB-2017-011446
db:	PACKETSTORM	id:	145270
db:	CNNVD	id:	CNNVD-201712-903
db:	NVD	id:	CVE-2017-13871

LAST UPDATE DATE

2025-04-20T21:43:32.672000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-104537	date:	2019-10-03T00:00:00
db:	BID	id:	102099	date:	2017-12-19T22:01:00
db:	JVNDB	id:	JVNDB-2017-011446	date:	2018-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201712-903	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-13871	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-104537	date:	2017-12-25T00:00:00
db:	BID	id:	102099	date:	2017-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-011446	date:	2018-01-16T00:00:00
db:	PACKETSTORM	id:	145270	date:	2017-12-08T10:11:11
db:	CNNVD	id:	CNNVD-201712-903	date:	2017-12-26T00:00:00
db:	NVD	id:	CVE-2017-13871	date:	2017-12-25T21:29:14.950