Gentoo Local Security Checks : Gentoo Security Advisory GLSA 201206-30 (sendmail)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.71556

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 201206-30 (sendmail)

Resumen: The remote host is missing updates announced in;advisory GLSA 201206-30.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 201206-30.

Vulnerability Insight:
An error in the hostname matching in sendmail might enable remote
attackers to conduct man-in-the-middle attacks.

Solution:
All sendmail users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=mail-mta/sendmail-8.14.4'

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-4565
BugTraq ID: 37543
http://www.securityfocus.com/bid/37543
Debian Security Information: DSA-1985 (Google Search)
http://www.debian.org/security/2010/dsa-1985
http://security.gentoo.org/glsa/glsa-201206-30.xml
HPdes Security Advisory: HPSBUX02508
http://marc.info/?l=bugtraq&m=126953289726317&w=2
HPdes Security Advisory: SSRT100007
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10255
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11822
http://www.redhat.com/support/errata/RHSA-2011-0262.html
http://secunia.com/advisories/37998
http://secunia.com/advisories/38314
http://secunia.com/advisories/38915
http://secunia.com/advisories/39088
http://secunia.com/advisories/40109
http://secunia.com/advisories/43366
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021797.1-1
SuSE Security Announcement: SUSE-SR:2010:006 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
http://www.vupen.com/english/advisories/2009/3661
http://www.vupen.com/english/advisories/2010/0719
http://www.vupen.com/english/advisories/2010/1386
http://www.vupen.com/english/advisories/2011/0415

Copyright Copyright (C) 2012 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.71556
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 201206-30 (sendmail)
Resumen:	The remote host is missing updates announced in;advisory GLSA 201206-30.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 201206-30. Vulnerability Insight: An error in the hostname matching in sendmail might enable remote attackers to conduct man-in-the-middle attacks. Solution: All sendmail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-mta/sendmail-8.14.4' CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4565 BugTraq ID: 37543 http://www.securityfocus.com/bid/37543 Debian Security Information: DSA-1985 (Google Search) http://www.debian.org/security/2010/dsa-1985 http://security.gentoo.org/glsa/glsa-201206-30.xml HPdes Security Advisory: HPSBUX02508 http://marc.info/?l=bugtraq&m=126953289726317&w=2 HPdes Security Advisory: SSRT100007 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10255 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11822 http://www.redhat.com/support/errata/RHSA-2011-0262.html http://secunia.com/advisories/37998 http://secunia.com/advisories/38314 http://secunia.com/advisories/38915 http://secunia.com/advisories/39088 http://secunia.com/advisories/40109 http://secunia.com/advisories/43366 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021797.1-1 SuSE Security Announcement: SUSE-SR:2010:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://www.vupen.com/english/advisories/2009/3661 http://www.vupen.com/english/advisories/2010/0719 http://www.vupen.com/english/advisories/2010/1386 http://www.vupen.com/english/advisories/2011/0415
Copyright	Copyright (C) 2012 E-Soft Inc.