1631 matches found
HP-UX Update for sendmail with STARTTLS Enabled HPSBUX02508
Check for the Version of sendmail with STARTTLS Enabled OpenVAS Vulnerability Test HP-UX Update for sendmail with STARTTLS Enabled HPSBUX02508 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Vulnerability in Diffie-Hellman ciphers affects sendmail on VIOS
IBM SECURITY ADVISORY First Issued: Mon Mar 29 15:54:57 CDT 2010 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/sendmailadvisory.asc VULNERABILITY SUMMARY VULNERABILITY: AIX sendmail SSL...
sendmail allows external mail with from address [email protected]
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages...
Low: Red Hat Security Advisory: sendmail security and bug fix update
Updated sendmail packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
sendmail: incorrect verification of SSL certificate with NUL in name
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows...
Sendmail SMTP Timeout Buffer Overflow (CVE-2006-0058)
Sendmail is a very popular Mail Transfer Agent (MTA) program that is typically used by medium to large size organizations and Internet Service Providers to send, accept, and relay e-mail. The program uses the SMTP protocol, defined in RFC 821, to communicate with clients when performing these tasks...
Spamassassin Milter Plugin Remote Root
Spamassassin Milter Plugin Remote Root Zeroday BTW zerodays lurk in the shadows not HERE aka the postfixjoker advisory Logic fuckup? March 07 2010 // if you read this 10 years later you are definitely seeking the nice 0days! Greetz fly out to alex,andi,adize :D +++ KEEP IT ULTRA PRIV8 +++ Software...
SuSE9 Security Update : sendmail (YOU Patch Number 12590)
This update of sendmail improves the handling of special characters in the SSL certificate. CVE-2009-4565: CVSS v2 Base Score: 7.5 %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if...
openSUSE Security Update : rmail (rmail-2012)
This update of sendmail improves the handling of special characters in the SSL certificate. CVE-2009-4565: CVSS v2 Base Score: 7.5 %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update rmail-2012. T...
SuSE 10 Security Update : sendmail (ZYPP Patch Number 6859)
This update of sendmail improves the handling of special characters in the SSL certificate. CVE-2009-4565: CVSS v2 Base Score: 7.5 %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if...
SuSE 11 Security Update : sendmail (SAT Patch Number 2021)
This update of sendmail improves the handling of special characters in the SSL certificate. CVE-2009-4565: CVSS v2 Base Score: 7.5 %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text...
Debian DSA-1985-1 : sendmail - insufficient input validation
It was discovered that sendmail, a Mail Transport Agent, does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate. This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority,...
hplip hpssd.py From Address Arbitrary Command Execution
$Id: hpliphpssdexec.rb 8511 2010-02-16 00:27:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
HPLIP hpssd.py From Address Arbitrary Command Execution
This module exploits a command execution vulnerability in the hpssd.py daemon of the Hewlett-Packard Linux Imaging and Printing Project. According to MITRE, versions 1.x and 2.x before 2.7.10 are vulnerable. This module was written and tested using the Fedora 6 Linux distribution. On the test system...
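PHPCMS 2007 / 2008 Cross-Site Scripting Vulnerability (xss vulnerability)
1. In phpcms2007, sendmail.php does not filter the passed-in mailto, title and other parameters, which results in XSS. No need to post the source code; anyone with a sharp eye will see it at a glance. Demo: http://www.cnegg.net/mail/sendmail.php?mailto=asdfa"scriptalert/CnCxzSec//script Given the user interactivity of PHPCMS2007, this marginal XSS can steal cookies and does some harm. 2. In phpcms2008, sendmail.php applies some filtering to the passed-in variables, but with magicquote=off it can still be exploited...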
[SECURITY] [DSA 1985-1] New sendmail packages fix SSL certificate verification weakness
------------------------------------------------------------------------ Debian Security Advisory DSA-1985-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano January 31, 2010 http://www.debian.org/security/faq -...
DSA-1985-1 sendmail - insufficient input validation
Bulletin has no description...