Hundreds of potentially affected vendors are rushing to create patches for a security vulnerability in the S/MIME...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
protocol that may permit a denial of service.
Originally, e-mail consisted entirely of text. The MIME (multipurpose Internet mail extensions) protocol was devised to allow non-text items (graphics, sound, binary objects) to be represented as text and sent via e-mail. The S/MIME (secure multipurpose Internet mail extensions) addition enables this exchange to be done securely, and is commonly used for digital signatures and encrypted e-mail.
The problem is that the secure portion of an e-mail attachment is encoded with ASN.1 (Abstract Syntax Notation One). A remote attacker could use an exceptional ASN.1 element that the S/MIME implementation might not be able to handle. This could cause a denial-of-service. There is also a small possibility that a buffer overflow could be exploited to execute arbitrary code.
Since S/MIME is implemented differently by different vendors, each vendor must test their implementation, and provide their own patch if vulnerable.