Published: 2004/10/28  Last Updated: 2008/05/21

JVN#E59B594B
Tsuru-Kame Mail vulnerable in S/MIME signature verification

Overview

Tsuru-Kame Mail contains the following vulnerabilities in the S/MIME signature verification:

  • S/MIME signature verification does not verify the certification path.
  • S/MIME signature verification does not verify the certificate expiration date.
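
The two checks listed above can be exercised with the openssl command-line tool. This is an added example, not code from the advisory or the vendor; it assumes openssl is installed with its default configuration, and every name, key and message in it is a constructed test fixture.

```shell
#!/bin/sh
# Added example: every name, key and message below is a constructed fixture.
# Assumes the openssl command-line tool with its default configuration.

# Signature-only check: -noverify skips certificate verification entirely,
# so neither the certification path nor the validity period is examined.
verify_signature_only() {
  openssl smime -verify -noverify -in "$1" >/dev/null 2>&1
}

# Full check: the signer certificate must chain to the CA file in $2 and be
# inside its validity period. Extra verify options (e.g. -attime) may follow.
verify_full() {
  msg=$1; ca=$2; shift 2
  openssl smime -verify -CAfile "$ca" "$@" -in "$msg" >/dev/null 2>&1
}

# Build a test CA, a 30-day certificate it issues, an untrusted self-signed
# certificate with the same subject, and one signed message for each.
make_fixtures() (
  cd "$1" || exit 1
  exec >/dev/null 2>&1
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Constructed Test CA" -keyout ca.key -out ca.pem &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=sender.example" \
    -keyout user.key -out user.csr &&
  openssl x509 -req -in user.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 30 -out user.pem &&
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=sender.example" -keyout self.key -out self.pem &&
  printf 'constructed test message\n' > msg.txt &&
  openssl smime -sign -in msg.txt -signer user.pem -inkey user.key -out chained.eml &&
  openssl smime -sign -in msg.txt -signer self.pem -inkey self.key -out selfsigned.eml
)

report() { l=$1; shift; if "$@"; then echo "$l: accepted"; else echo "$l: rejected"; fi; }

D=$(mktemp -d) && make_fixtures "$D"
LATER=$(( $(date +%s) + 90 * 86400 ))   # 90 days ahead: user.pem has expired
report "self-signed, signature only" verify_signature_only "$D/selfsigned.eml"
report "self-signed, full check"     verify_full "$D/selfsigned.eml" "$D/ca.pem"
report "CA-issued, full check"       verify_full "$D/chained.eml" "$D/ca.pem"
report "CA-issued, 90 days later"    verify_full "$D/chained.eml" "$D/ca.pem" -attime "$LATER"
```

Only the first and third cases should be accepted; the first shows that a signature-only check accepts a certificate that a path check rejects.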

Products Affected

  • Tsuru-Kame Mail, earlier than v4.00
* The name of the software "Tsuru-Kame Mail" was changed to "Hidemaru Mail" on August 10, 2005.

Description

Impact

The user cannot notice a forged email signed with a malicious certificate.

Solution

Vendor Status

Vendor         Status      Last Update  Vendor Notes
Saitoh Kikaku  Vulnerable  2004/12/16

References

JPCERT/CC Addendum

Credit

Hiromitsu Takagi reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under the Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2005-000756

Update History