Synology-SA-17:82 Mailsploit
Publish Time: 2017-12-29 13:33:29 UTC+8
Last Updated: 2018-01-02 11:53:50 UTC+8
- Severity: Important
- Status: Resolved
Abstract
Mailsploit allows remote attackers to conduct spoofing attacks via a susceptible version of MailPlus, Android MailPlus and iOS MailPlus.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
MailPlus | Important | Upgrade to 1.4.1-0742 or above. |
Android MailPlus | Important | Upgrade to 1.6.1 or above. |
iOS MailPlus | Important | Upgrade to 1.6.1 or above. |
Mitigation
None
Detail
- Mailsploit
- Severity: Important
- CVSS3 Base Score: 7.4
- CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
- Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Mail Transfer Agents (MTAs), also known as email servers, and therefore circumvents spoofing protection mechanisms such as DMARC (DKIM/SPF) or spam filters.
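Because the spoofing passes MTA-side checks, a mail filter has to inspect the From header itself. The following is an added example, not Synology's code and not part of the advisory: it relies on the publicly documented fact that Mailsploit headers use RFC 2047 encoded-words in From that decode to control characters or to address-like text, and flags both. The function names, finding labels and sample headers are constructed for illustration.

```python
import base64
import binascii
import re

# RFC 2047 encoded-word: =?charset?B|Q?payload?=
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?=")
ADDR_LIKE = re.compile(r"[^\s@<>]+@[^\s@<>]+")


def decode_word(charset, encoding, payload):
    """Decode one encoded-word to text; return None if it cannot be decoded."""
    try:
        if encoding.lower() == "b":
            raw = base64.b64decode(payload + "=" * (-len(payload) % 4))
        else:
            raw = binascii.a2b_qp(payload, header=True)
        return raw.decode(charset, errors="replace")
    except (binascii.Error, ValueError, LookupError):
        return None


def inspect_from(header_value):
    """Return a sorted list of findings for one raw From header value."""
    findings = set()
    for charset, encoding, payload in ENCODED_WORD.findall(header_value):
        text = decode_word(charset, encoding, payload)
        if text is None:
            findings.add("undecodable-encoded-word")
            continue
        # NUL, CR, LF and other control bytes have no place in a sender name.
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in text):
            findings.add("control-char-in-encoded-word")
        # An address hidden in the encoded part can differ from the real addr-spec.
        if ADDR_LIKE.search(text):
            findings.add("address-in-encoded-word")
    return sorted(findings)


# Constructed sample inputs (not taken from the advisory).
BENIGN = "=?utf-8?q?J=C3=BCrgen_M=C3=BCller?= <juergen@example.com>"
SUSPICIOUS = ("=?utf-8?b?"
              + base64.b64encode(b"billing@example.com\x00").decode("ascii")
              + "?= <user@other.example>")

if __name__ == "__main__":
    for value in (BENIGN, SUSPICIOUS):
        print(value, "->", inspect_from(value) or "clean")
```

The address-in-encoded-word finding is a heuristic and can fire on legitimate senders who put an address in their display name, so treat it as a signal for review rather than an automatic reject.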
Reference
Revision History
Revision | Date | Description |
---|---|---|
1 | 2017-12-29 | Initial public release. |
2 | 2018-01-02 | Updated availability for iOS MailPlus in Affected Products. |