English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2010-3
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 18 Jan 2010
 Last revised: 18 Jan 2010

 Package: sendmail

 Summary: man-in-the-middle attack

 More information:
    Sendmail is a Mail Transport Agent, which is the program that moves mail
    from one machine to another.

    sendmail before 8.14.4 does not properly handle a '\0' (NUL)
    character in a Common Name (CN) field of an X.509 certificate, which
    (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based
    SMTP servers via a crafted server certificate issued by a legitimate
    Certification Authority, and (2) allows remote attackers to bypass
    intended access restrictions via a crafted client certificate issued by
    a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-4565).

 Affected Products:
    - Turbolinux Appliance Server 2.0
    - Turbolinux 10 Server x64 Edition
    - Turbolinux 10 Server


 <Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   sendmail-8.13.1-11.src.rpm
      2030900 90ea5f3902ae69e2a883e854e64f5a7c

   Binary Packages
   Size: MD5

   sendmail-8.13.1-11.i586.rpm
       454082 3c77941065dc180a2203319b633d68fd
   sendmail-cf-8.13.1-11.i586.rpm
       157598 de9ccd7cd6caf8897d59fd06bac546c5

 <Turbolinux 10 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/sendmail-8.13.1-11.src.rpm
      2030900 90ea5f3902ae69e2a883e854e64f5a7c

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/misc/RPMS/sendmail-8.13.1-11.x86_64.rpm
       533240 0b6b2051c7253f2285e277d9c09a0caf
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/misc/RPMS/sendmail-cf-8.13.1-11.x86_64.rpm
       157735 207114945eba5db62a1365833c3f7875
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/misc/RPMS/sendmail-devel-8.13.1-11.x86_64.rpm
       134660 42ce9a9fc408f3f704871d476c416b7e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/misc/RPMS/sendmail-doc-8.13.1-11.x86_64.rpm
       450774 6f3398446ed8ccf575fa83174760d5d1
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/misc/RPMS/sendmail-vacation-8.13.1-11.x86_64.rpm
        58435 5544ce61b72bd525d90ceb0826d55e68

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/sendmail-8.13.1-11.src.rpm
      2030900 90ea5f3902ae69e2a883e854e64f5a7c

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/misc/RPMS/sendmail-8.13.1-11.i586.rpm
       454082 3c77941065dc180a2203319b633d68fd
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/misc/RPMS/sendmail-cf-8.13.1-11.i586.rpm
       157598 de9ccd7cd6caf8897d59fd06bac546c5
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/misc/RPMS/sendmail-devel-8.13.1-11.i586.rpm
       125572 77083f953c482b817fe8023cd4fb9d9c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/misc/RPMS/sendmail-doc-8.13.1-11.i586.rpm
       450815 6dde5751c6c43b7e34552a95402dba49
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/misc/RPMS/sendmail-vacation-8.13.1-11.i586.rpm
        50449 abb08c67ef3658244ade5292f45e0268


 References:

 CVE
   [CVE-2009-4565]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4565

 --------------------------------------------------------------------------
 Revision History
    18 Jan 2010 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2010 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (GNU/Linux)

iEYEARECAAYFAktUBy0ACgkQK0LzjOqIJMzHkQCgj6UoS2RTzmwii+KD9wdQ27p5
YRUAmQF5OGWet3LAqkWawJK1DSsxJtS1
=U8cn
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.