[Japanese]

JVNDB-2004-000590

Becky! Internet Mail vulnerability in S/MIME signature verification

Overview

Becky! Internet Mail contains the following vulnerabilities in the S/MIME signature verification:

- S/MIME signature verification does not verify the certification path.
- S/MIME signature verification does not verify the certification expiration date.
CVSS Severity (What is CVSS?)

Base Metrics: 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products


RIMARTS
  • Becky! Internet Mail Ver.1.03 and ealier

Impact

Even if a recipient receives an email message signed with an S/MIME signature containing a certificate forging an arbitrary email address signed by a self-signed certificate, the recipient may not notice that it is a forged email.
Solution

Vendor Information

RIMARTS
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#7C9208F1
Revision History

[2008/05/21]
  Web page published