Mandriva Linux Security Advisory : sendmail (MDVSA-2010:003)

NASLDB: Mandriva Linux Security Advisory : sendmail (MDVSA-2010:003)

General

ID: 43867
Name: Mandriva Linux Security Advisory : sendmail (MDVSA-2010:003)

Summary: Checks rpm output for the updated packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: –

Port: 0
Family: Mandriva Local Security Checks
Type: Local

Description

A security vulnerability has been identified and fixed in sendmail :

sendmail before 8.14.4 does not properly handle a ‘’ (NUL)
character in a Common Name (CN) field of an X.509 certificate, which
(1) allows man-in-the-middle attackers to spoof arbitrary SSL-based
SMTP servers via a crafted server certificate issued by a legitimate
Certification Authority, and (2) allows remote attackers to bypass
intended access restrictions via a crafted client certificate issued
by a legitimate Certification Authority, a related issue to
CVE-2009-2408 (CVE-2009-4565).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

This update provides a fix for this vulnerability.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2009-4565
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2010/01/11
Plugin Release: 2010/01/13

Plugin

Version: 1.11
Filename: mandriva_MDVSA-2010-003.nasl
Filesize: 5237 bytes
MD5 Hash: 7241b5eb1c9ea8045320b41a90190344

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list
Dependencies: "ssh_get_info.nasl"

Latest Plugins

Latest Plugins

scip AG