Main Vulnerability Database SB2013102411

SB2013102411 - Cryptographic issues in Apple MAC OS X

Published: October 24, 2013 Updated: August 10, 2020

Security Bulletin ID SB2013102411

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cryptographic issues (CVE-ID: CVE-2013-5185)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network.

Remediation

Install update from vendor's website.

References

http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html