 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.13.2024.031.01 |
| Categoría: | Slackware Local Security Checks |
| Título: | Slackware: Security Advisory (SSA:2024-031-01) |
| Resumen: | The remote host is missing an update for the 'sendmail' package(s) announced via the SSA:2024-031-01 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'sendmail' package(s) announced via the SSA:2024-031-01 advisory. Vulnerability Insight: New sendmail packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ extra/sendmail/sendmail-8.18.1-i586-1_slack15.0.txz: Upgraded. sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features. For more information, see: [link moved to references] (* Security fix *) extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz: Upgraded. +--------------------------+ Affected Software/OS: 'sendmail' package(s) on Slackware 15.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-51765 https://access.redhat.com/security/cve/CVE-2023-51765 https://bugzilla.redhat.com/show_bug.cgi?id=2255869 https://bugzilla.suse.com/show_bug.cgi?id=1218351 https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html https://github.com/freebsd/freebsd-src/commit/5dd76dd0cc19450133aa379ce0ce4a68ae07fb39#diff-afdf514b32ac88004952c11660c57bc96c3d8b2234007c1cbd8d7ed7fd7935cc https://lwn.net/Articles/956533/ https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ https://www.openwall.com/lists/oss-security/2023/12/21/7 https://www.openwall.com/lists/oss-security/2023/12/22/7 https://www.youtube.com/watch?v=V8KPV96g1To https://lists.debian.org/debian-lts-announce/2024/06/msg00004.html http://www.openwall.com/lists/oss-security/2023/12/24/1 http://www.openwall.com/lists/oss-security/2023/12/25/1 http://www.openwall.com/lists/oss-security/2023/12/26/5 http://www.openwall.com/lists/oss-security/2023/12/29/5 http://www.openwall.com/lists/oss-security/2023/12/30/1 http://www.openwall.com/lists/oss-security/2023/12/30/3 |
| Copyright | Copyright (C) 2024 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |