Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201206-30
HistoryJun 25, 2012 - 12:00 a.m.

sendmail: X.509 NULL spoofing vulnerability

2012-06-2500:00:00
Gentoo Foundation
security.gentoo.org
18

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.1%

JSON

Background

sendmail is a widely-used Mail Transport Agent (MTA).

Description

A vulnerability has been discovered in sendmail. Please review the CVE identifier referenced below for details.

Impact

A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using sendmail.

Workaround

There is no known workaround at this time.

Resolution

All sendmail users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.14.4"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmail-mta/sendmail< 8.14.4UNKNOWN

Related

nessus 27
debian 2
openvas 18
fedora 2
securityvulns 2
veracode 1
redhat 2
seebug 1
oraclelinux 2
prion 1
debiancve 1
cve 1
aix 1
ubuntucve 1
checkpoint_advisories 1
nessus
nessus
SuSE9 Security Update : sendmail (YOU Patch Number 12590)
2010-03-02 00:00:00
Fedora 12 : sendmail-8.14.4-3.fc12 (2010-5470)
2010-07-01 00:00:00
openSUSE Security Update : rmail (rmail-2012)
2010-03-01 00:00:00
debian
debian
[SECURITY] [DSA 1985-1] New sendmail packages fix SSL certificate verification weakness
2010-01-31 14:32:06
[SECURITY] [DSA 1985-1] New sendmail packages fix SSL certificate verification weakness
2010-01-31 14:32:06
openvas
openvas
Fedora Update for sendmail FEDORA-2010-5399
2010-06-18 00:00:00
Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
2010-01-04 00:00:00
HP-UX Update for sendmail with STARTTLS Enabled HPSBUX02508
2010-03-31 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: sendmail-8.14.4-3.fc12
2010-06-21 12:53:35
[SECURITY] Fedora 11 Update: sendmail-8.14.4-3.fc11
2010-06-14 17:26:40
securityvulns
securityvulns
Sendmail SSL certificate spoofing
2010-01-17 00:00:00
[ MDVSA-2010:003 ] sendmail
2010-01-17 00:00:00
veracode
veracode
Authorization Bypass
2020-04-10 00:44:20
redhat
redhat
(RHSA-2011:0262) Low: sendmail security and bug fix update
2011-02-16 00:00:00
(RHSA-2010:0237) Low: sendmail security and bug fix update
2010-03-30 00:00:00
seebug
seebug
Sendmail CA SSL证书验证漏洞
2010-01-08 00:00:00
oraclelinux
oraclelinux
sendmail security and bug fix update
2010-04-05 00:00:00
sendmail security and bug fix update
2011-02-23 00:00:00
prion
prion
Design/Logic Flaw
2010-01-04 21:30:00
debiancve
debiancve
CVE-2009-4565
2010-01-04 21:30:00
cve
cve
CVE-2009-4565
2010-01-04 21:30:00
aix
aix
Vulnerability in Diffie-Hellman ciphers affects sendmail on VIOS
2010-03-29 15:54:57
ubuntucve
ubuntucve
CVE-2009-4565
2010-01-04 00:00:00
checkpoint_advisories
checkpoint_advisories
SSL NULL Termination Certificate Validation Security Bypass (CVE-2009-2408; CVE-2009-2510; CVE-2009-4565)
2009-08-12 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.1%

JSON
Related for GLSA-201206-30
nessus27debian2openvas18fedora2securityvulns2veracode1redhat2seebug1oraclelinux2prion1debiancve1cve1aix1ubuntucve1checkpoint_advisories1