1631 matches found
Mandriva Linux Security Advisory : php-pear-Mail (MDVSA-2010:025)
Multiple vulnerabilities were discovered and corrected in php-pear Mail : Argument injection vulnerability in the sendmail implementation of the Mail::Send method Mail/sendmail.php in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted paramete...
HP-UX Update for sendmail HPSBUX02495
Check for the Version of sendmail OpenVAS Vulnerability Test HP-UX Update for sendmail HPSBUX02495 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
HP-UX Update for sendmail HPSBUX02495
Check for the Version of sendmail OpenVAS Vulnerability Test HP-UX Update for sendmail HPSBUX02495 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
Sendmail SSL certificate spoofing
It's possible to spoof an SSL certificate by using a NULL character in the CN...
[ MDVSA-2010:003 ] sendmail
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:003 http://www.mandriva.com/security/ Package : sendmail Date : January 11, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 Problem Description...
Mandriva Linux Security Advisory : sendmail (MDVSA-2010:003)
A security vulnerability has been identified and fixed in sendmail: sendmail before 8.14.4 does not properly handle a '\0' (NUL) character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server...
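Sendmail CA SSL Certificate Validation Vulnerability
BUGTRAQ ID: 37543 CVE ID: CVE-2009-4565 Sendmail is a mail transfer agent (MTA) used by many large sites. Sendmail does not correctly validate NUL characters (\0) in the domain name of the Common Name (CN) field of an X.509 certificate subject: when processing a certificate field that contains a NUL character, it wrongly treats the NUL character as a terminator, so only the part before the NUL character is validated. For example, for a name like the following: example.com\0.haxx.se...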
Sendmail < 8.14.4 SSL Certificate NULL Character Spoofing
Binary data 5293.prm...
Sendmail < 8.14.4 SSL Certificate NULL Character Spoofing
The remote mail server is running a version of Sendmail earlier than 8.14.4. Such versions are reportedly affected by a flaw that may allow an attacker to spoof SSL certificates by using a NULL character in certain certificate fields. A remote attacker may exploit this to perform a...
CVE-2009-4565
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows...
CVE-2009-4565
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows...
Design/Logic Flaw
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows...
DEBIAN-CVE-2009-4565
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows...
CVE-2009-4565
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows...
CVE-2009-4565
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows...
CVE-2009-4565
CVE-2009-4565 affects sendmail up to version 8.14.3; the vulnerability arises from improper handling of a ‘\0’ character in the Common Name (CN) field of X.509 certificates. This flaw enables MITM spoofing of SSL-based SMTP servers via a crafted server certificate from a trusted CA and could allo...
CVE-2009-4565
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows...
Sendmail Update Patches Memory Leak Flaws
Version 8.14.4 of Sendmail, the open source mail transfer agent (MTA), includes fixes for several security vulnerabilities, including some integer overflows, memory leaks and the SSL NUL character problem disclosed in mid-2009. Read the full article. The H Security...
Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
Sendmail is prone to a security-bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. Successfully exploiting this issue allows attackers to perform...
Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
Sendmail is prone to a security bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.